漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Doorkeeper Improper Authentication vulnerability
Vulnerability Description
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Doorkeeper 授权问题漏洞
Vulnerability Description
Doorkeeper是一款适用于Rails/Grape应用的OAuth 2身份验证提供程序。 Doorkeeper 5.6.6之前版本存在授权问题漏洞,该漏洞源于会自动处理先前已批准的公共客户端无需用户同意的授权请求。
CVSS Information
N/A
Vulnerability Type
N/A