[CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper

2018-07-17 Thread Justin Bull
Good morning everyone,
A security bulletin for all of you.
Software: Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)
Description:
--
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.
Affected Versions:
---
4.2.0 - 4.3.2
5.0.0.rc1
Fixed Versions

[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

2019-08-19 Thread Justin Bull
b.com/Schine/MW-OAuth2Client/commit/7188d6c8d359d41c6974c19b2c0907653bab8f6e
[5]: https://github.com/Schine/MW-OAuth2Client/commit/6a4fe4500ddd72ad4e826d9d63b2d69512bd10d1
[6]: https://github.com/Schine/MW-OAuth2Client/releases/tag/v0.4
--
Best Regards,
Justin Bull
PGP Fingerprint: E09D 38DE 8FB7 5745

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

2016-08-19 Thread Justin Bull
Good evening everyone,
A security bulletin for all of you.
Software: Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)
Description:
--
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.
Affected Versions:
---
1.2.0 - 4.1.0 (all versions but latest

Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5

2018-02-22 Thread Justin Bull
On Wed, Feb 21, 2018 at 5:17 PM, Justin Bull wrote:
> Solution:
> -
> Upgrade to Doorkeeper v4.2.6 or later
>
Apologies. This fails to account for a non-trivial scenario. Any software using Doorkeeper that has generated its own custom views[0] requires manual work to verif