High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-04	CVE-2020-10187	Missing Authorization vulnerability in Doorkeeper Project Doorkeeper Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. network low complexity doorkeeper-project CWE-862	7.5
2018-07-13	CVE-2018-1000211	Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry. network low complexity doorkeeper-project CWE-732	7.5