Candidate: CVE-2018-1000211
PublicDate: 2018-07-13 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000211
 https://github.com/doorkeeper-gem/doorkeeper/issues/891
 https://github.com/doorkeeper-gem/doorkeeper/pull/1119
Description:
 Doorkeeper version 4.2.0 and later contains an Incorrect Access Control
 vulnerability in the Token revocation API's authorized method that can
 result in access tokens not being revoked for public OAuth apps, leaking
 access until expiry.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_ruby-doorkeeper:
upstream_ruby-doorkeeper: needs-triage
precise/esm_ruby-doorkeeper: DNE
trusty_ruby-doorkeeper: DNE
trusty/esm_ruby-doorkeeper: DNE
xenial_ruby-doorkeeper: ignored (end of standard support, was needs-triage)
artful_ruby-doorkeeper: ignored (reached end-of-life)
bionic_ruby-doorkeeper: needs-triage
cosmic_ruby-doorkeeper: ignored (reached end-of-life)
disco_ruby-doorkeeper: not-affected (4.4.2-1)
eoan_ruby-doorkeeper: not-affected (4.4.2-1)
focal_ruby-doorkeeper: not-affected (4.4.2-1)
groovy_ruby-doorkeeper: not-affected (4.4.2-1)
hirsute_ruby-doorkeeper: not-affected (4.4.2-1)
impish_ruby-doorkeeper: not-affected (4.4.2-1)
jammy_ruby-doorkeeper: not-affected (4.4.2-1)
devel_ruby-doorkeeper: not-affected (4.4.2-1)