CVE-2020-10187 - OpenCVE

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Doorkeeper Project	Doorkeeper

Configuration 1 [-]

OR	cpe:2.3:a:doorkeeper_project:doorkeeper::::::ruby::*
	cpe:2.3:a:doorkeeper_project:doorkeeper::::::ruby::*
	cpe:2.3:a:doorkeeper_project:doorkeeper::::::ruby::*
	cpe:2.3:a:doorkeeper_project:doorkeeper::::::ruby::*

No data.

References

Link	Providers
https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6
https://github.com/doorkeeper-gem/doorkeeper/releases
https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9
https://github.com/rubysec/ruby-advisory-db/pull/446

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-04T13:19:04

Updated: 2024-08-04T10:58:39.628Z

Reserved: 2020-03-06T00:00:00

Link: CVE-2020-10187

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-05-04T14:15:13.013

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-10187

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-04T13:19:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/doorkeeper-gem/doorkeeper/releases"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rubysec/ruby-advisory-db/pull/446"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10187", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/doorkeeper-gem/doorkeeper/releases", "refsource": "MISC", "url": "https://github.com/doorkeeper-gem/doorkeeper/releases"}, {"name": "https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6", "refsource": "MISC", "url": "https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6"}, {"name": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9", "refsource": "MISC", "url": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9"}, {"name": "https://github.com/rubysec/ruby-advisory-db/pull/446", "refsource": "MISC", "url": "https://github.com/rubysec/ruby-advisory-db/pull/446"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:58:39.628Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/doorkeeper-gem/doorkeeper/releases"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rubysec/ruby-advisory-db/pull/446"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10187", "datePublished": "2020-05-04T13:19:04", "dateReserved": "2020-03-06T00:00:00", "dateUpdated": "2024-08-04T10:58:39.628Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "45324471-B8B5-4BD5-88D8-FDADD7068460", "versionEndExcluding": "5.0.3", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "396ABBC9-1CC7-4E2C-96AA-784425C3316D", "versionEndExcluding": "5.1.1", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "FB61DD54-2340-4B7D-B370-E82E4AA88A1F", "versionEndExcluding": "5.2.5", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "A79B9E86-2EBC-4452-BCAF-6180E3AB37C7", "versionEndExcluding": "5.3.2", "versionStartIncluding": "5.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled."}, {"lang": "es", "value": "Doorkeeper versi\u00f3n 5.0.0 y posteriores, contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n que permite a un atacante recuperar el secreto del cliente previsto \u00fanicamente para el propietario de la aplicaci\u00f3n OAuth. Despu\u00e9s de autorizar la aplicaci\u00f3n y permitir el acceso, el atacante simplemente necesita solicitar la lista de sus aplicaciones autorizadas en un formato JSON (normalmente GET /oauth/authorized_applications.json). Una aplicaci\u00f3n es vulnerable si el controlador de aplicaciones autorizadas est\u00e1 habilitado."}], "id": "CVE-2020-10187", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-04T14:15:13.013", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/doorkeeper-gem/doorkeeper/releases"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rubysec/ruby-advisory-db/pull/446"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}