CVE-2020-15223 - Improper Check for Unusual or Exceptional Conditions vulnerability in ORY Fosite

CVSS 8.0 - HIGH
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: NONE

Tags: network, high complexity, ory, CWE-754

Summary

In ORY Fosite (the security-first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this to their advantage depends on their ability to trigger errors in the store. This is fixed in version 0.34.0.
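
The error-handling gap described above, as an added Go example that is not Fosite's own code. `TokenStore`, `memStore`, `ErrNotFound` and both revoke functions are hypothetical names, and answering storage failures with 503 (as RFC 7009 allows) is this example's assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// All names below are hypothetical stand-ins, not Fosite's API.
var ErrNotFound = errors.New("token not found")

type TokenStore interface{ Revoke(token string) error }

// memStore is a constructed in-memory store; fail simulates a backend outage.
type memStore struct {
	valid map[string]bool
	fail  bool
}

func (s *memStore) Revoke(token string) error {
	if s.fail {
		return errors.New("storage unavailable")
	}
	if !s.valid[token] {
		return ErrNotFound
	}
	delete(s.valid, token)
	return nil
}

// RevokeIgnoringErrors shows the bug class: the storage error is dropped.
func RevokeIgnoringErrors(s TokenStore, token string) int {
	_ = s.Revoke(token)
	return http.StatusOK // 200 even though the token was never invalidated
}

// RevokeChecked returns 200 only if the store revoked the token or did not
// know it (RFC 7009: unknown tokens are not an error); other errors give 503.
func RevokeChecked(s TokenStore, token string) int {
	if err := s.Revoke(token); err != nil && !errors.Is(err, ErrNotFound) {
		return http.StatusServiceUnavailable
	}
	return http.StatusOK
}

func main() {
	s := &memStore{valid: map[string]bool{"tok-1": true}, fail: true}
	fmt.Println(RevokeIgnoringErrors(s, "tok-1"), RevokeChecked(s, "tok-1"), s.valid["tok-1"])
}
```

With the store failing, the first function reports 200 while `tok-1` remains valid; the second reports 503, which tells the client the token may still exist.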

Vulnerable Configurations

Part         Description  Count
Application  Ory          135