Vulnerabilities > Doorkeeper Project

DATE CVE VULNERABILITY TITLE RISK
2023-06-12 CVE-2023-34246 Unspecified vulnerability in Doorkeeper Project Doorkeeper
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
network
low complexity
doorkeeper-project
6.5
2020-05-04 CVE-2020-10187 Missing Authorization vulnerability in Doorkeeper Project Doorkeeper
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner.
network
low complexity
doorkeeper-project CWE-862
7.5
2018-07-13 CVE-2018-1000211 Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.
network
low complexity
doorkeeper-project CWE-732
7.5
2018-03-13 CVE-2018-1000088 Cross-site Scripting vulnerability in Doorkeeper Project Doorkeeper
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload.
network
low complexity
doorkeeper-project CWE-79
6.1
2017-01-23 CVE-2016-6582 7PK - Security Features vulnerability in Doorkeeper Project Doorkeeper
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
network
low complexity
doorkeeper-project CWE-254
critical
9.1