Insufficient Token Expiration

Affecting doorkeeper gem, versions >=4.2.0, <4.4.0 || =5.0.0.rc1

Do your applications use this vulnerable package? Test your applications

Overview

doorkeeper is an OAuth 2 provider for Rails and Grape.

Affected versions of this package are vulnerable to Insufficient Token Expiration. All OAuth applications using public or non-confidential authentication when interacting with Doorkeeper would attempt to authenticate the public OAuth client as if it were a confidential app. This would cause the token to not be revoked from the endpoint, and the token could be used for the remainder of that token's lifetime.

Remediation

Upgrade to version 4.4.0, 5.0.0.rc2 or higher

References

CVSS Score

7.5
high severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    None
  • Availability
    None
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Credit
Roberto Ostinelli
CVE
CVE-2018-1000211
CWE
CWE-613
Snyk ID
SNYK-RUBY-DOORKEEPER-22044
Disclosed
16 Jul, 2018
Published
19 Jul, 2018