Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation because their identity cannot be assured. This issue is fixed in version 5.6.6.
Advisories
ID | Title |
---|---|
DLA-3494-1 | ruby-doorkeeper security update |
DLA-3989-1 | ruby-doorkeeper security update |
EUVD-2023-1739 | Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation because their identity cannot be assured. This issue is fixed in version 5.6.6. |
GHSA-7w2c-w47h-789w | Doorkeeper Improper Authentication vulnerability |
USN-6210-1 | Doorkeeper vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
History
Sat, 04 Jan 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 09 Dec 2024 05:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-02-13T16:55:25.344Z
Reserved: 2023-05-31T13:51:51.173Z
Link: CVE-2023-34246

Updated: 2024-12-09T05:03:22.873Z

Status : Modified
Published: 2023-06-12T17:15:09.967
Modified: 2024-12-09T05:15:04.823
Link: CVE-2023-34246