vulnerability

Ubuntu: USN-6210-1 (CVE-2023-34246): Doorkeeper vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Jun 12, 2023	Jul 10, 2023	Jan 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Jun 12, 2023

Added

Jul 10, 2023

Modified

Jan 28, 2025

Description

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.

Solution

ubuntu-pro-upgrade-ruby-doorkeeper

References

CVE-2023-34246
https://attackerkb.com/topics/CVE-2023-34246
UBUNTU-USN-6210-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today