Vulnerabilities > CVE-2016-6582 - 7PK - Security Features vulnerability in Doorkeeper Project Doorkeeper
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html
- http://seclists.org/fulldisclosure/2016/Aug/105
- http://www.securityfocus.com/archive/1/539268/100/0/threaded
- http://www.securityfocus.com/bid/92551
- https://github.com/doorkeeper-gem/doorkeeper/issues/875
- https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0