CVE-2023-34246 - OpenCVE

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Doorkeeper Project	Doorkeeper

Configuration 1 [-]

cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*

References

Link	Resource
https://github.com/doorkeeper-gem/doorkeeper/issues/1589	Exploit Issue Tracking
https://github.com/doorkeeper-gem/doorkeeper/pull/1646	Patch
https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v5.6.6	Release Notes
https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w	Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/07/msg00016.html
https://www.rfc-editor.org/rfc/rfc8252#section-8.6	Technical Description

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-12T16:33:05.704Z

Updated: 2023-06-12T16:33:05.704Z

Reserved: 2023-05-31T13:51:51.173Z

Link: CVE-2023-34246

JSON object: View

NVD Information

Status : Modified

Published: 2023-06-12T17:15:09.967

Modified: 2023-07-12T15:15:08.847

Link: CVE-2023-34246

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-34246", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-05-31T13:51:51.173Z", "datePublished": "2023-06-12T16:33:05.704Z", "dateUpdated": "2023-06-12T16:33:05.704Z"}, "containers": {"cna": {"title": "Doorkeeper Improper Authentication vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w"}, {"name": "https://github.com/doorkeeper-gem/doorkeeper/issues/1589", "tags": ["x_refsource_MISC"], "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/1589"}, {"name": "https://github.com/doorkeeper-gem/doorkeeper/pull/1646", "tags": ["x_refsource_MISC"], "url": "https://github.com/doorkeeper-gem/doorkeeper/pull/1646"}, {"name": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v5.6.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v5.6.6"}, {"name": "https://www.rfc-editor.org/rfc/rfc8252#section-8.6", "tags": ["x_refsource_MISC"], "url": "https://www.rfc-editor.org/rfc/rfc8252#section-8.6"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00016.html"}], "affected": [{"vendor": "doorkeeper-gem", "product": "doorkeeper", "versions": [{"version": "< 5.6.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-06-12T16:33:05.704Z"}, "descriptions": [{"lang": "en", "value": "Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6."}], "source": {"advisory": "GHSA-7w2c-w47h-789w", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "641ABDD9-506A-4C4D-9841-3CBECA3E5D0B", "versionEndExcluding": "5.6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6."}], "id": "CVE-2023-34246", "lastModified": "2023-07-12T15:15:08.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-06-12T17:15:09.967", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/1589"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/doorkeeper-gem/doorkeeper/pull/1646"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v5.6.6"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w"}, {"source": "security-advisories@github.com", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00016.html"}, {"source": "security-advisories@github.com", "tags": ["Technical Description"], "url": "https://www.rfc-editor.org/rfc/rfc8252#section-8.6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Secondary"}]}