CVE-2016-6582

critical

Description

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

References

Advisories
More

https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0

https://github.com/doorkeeper-gem/doorkeeper/issues/875

http://www.securityfocus.com/bid/92551

http://seclists.org/fulldisclosure/2016/Aug/105

http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html

http://www.securityfocus.com/archive/1/539268/100/0/threaded

Details

Source: Mitre, NVD

Published: 2017-01-23

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01187

Detections

Analytics