Sha256: e306b7f2843063319dbfe85d016108185b30d0f4d87cde27800062f8a913cbb5

Contents?: true

Size: 759 Bytes

Versions: 6

Compression:

Stored size: 759 Bytes

Contents

---
gem: doorkeeper
cve: 2014-8144
osvdb: 116010
url: https://groups.google.com/forum/#!topic/ruby-security-ann/5_VqJtNc8jw
title: |
  Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0
  and earlier.
date: 2014-12-18

description: |
  Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0
  and earlier allows remote attackers to hijack the user's OAuth
  authorization code. This vulnerability has been assigned the CVE
  identifier CVE-2014-8144.

  Doorkeeper's endpoints didn't have CSRF protection. Any HTML document
  on the Internet can then read a user's authorization code with
  arbitrary scope from any Doorkeeper-compatible Rails app you are
  logged in to.

cvss_v2: 6.8

patched_versions:
  - ~> 1.4.1
  - ">= 2.0.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml