Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Doorkeeper 信息泄露漏洞
Vulnerability Description
Doorkeeper是一款适用于Rails/Grape应用的OAuth 2身份验证提供程序。 Doorkeeper 5.0.0及之后版本(5.0.3、5.1.1、5.2.5、5.3.2版本已修复)中存在信息泄露漏洞,该漏洞源于不正确的访问控制。远程攻击者可借助特制请求利用该漏洞检索客户端上的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A