Ubuntu: USN-7394-1 (CVE-2016-6582): Doorkeeper vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:N/I:P/A:P) | Jan 23, 2017 | Mar 31, 2025 | May 5, 2025 |
Description
Jonathan Clem and Justin Bull discovered that Doorkeeper could allow
arbitrary token revocation and replay attacks. An attacker could possibly
use this issue to gain unauthorized access to a system. (CVE-2016-6582)

It was discovered that Doorkeeper incorrectly handled storing client names.
An attacker could possibly use this issue to execute a cross-site
scripting (XSS) attack. (CVE-2018-1000088)
Solution
ubuntu-pro-upgrade-ruby-doorkeeper
References
- CVE-2016-6582
- https://attackerkb.com/topics/CVE-2016-6582
- UBUNTU-USN-7394-1
- URL-https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
- URL-https://github.com/doorkeeper-gem/doorkeeper/issues/875
- URL-https://ubuntu.com/security/notices/USN-7394-1
- URL-https://www.cve.org/CVERecord?id=CVE-2016-6582