Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation because their identity cannot be assured. This issue is fixed in version 5.6.6.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-06-12T16:33:05.704Z
Updated: 2024-08-02T16:01:54.318Z
Reserved: 2023-05-31T13:51:51.173Z
Link: CVE-2023-34246
NVD
Status: Modified
Published: 2023-06-12T17:15:09.967
Modified: 2023-07-12T15:15:08.847
Link: CVE-2023-34246