7PK - Security Features

CVE-2016-6582

High

9.1/10

Summary

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-254 - Security Features

Security features are integrated into the application infrastructure to protect its resources and the trusted environment against a known exploit, threat, or vulnerability. However, flawed, disabled, or absent security features expose the application to a variety of attacks. This is a multidimensional vulnerability with broad potential impact. It can lead to defacement, confidentiality compromise, system takeover, etc.

References

Issue
Advisory

Advisory Timeline

Published Jan 23, 2017

7PK - Security Features

CVE-2016-6582

Summary

CWE-254 - Security Features

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS