CVE-2016-6582
critical
CVSS v3
9.1
CVSS v2
6.4
VIR risk
9.1
Description
The Doorkeeper gem before 4.2.0 for Ruby does not correctly implement the OAuth 2.0 Token Revocation specification (RFC 7009), which might allow remote attackers to revoke arbitrary tokens or to conduct replay attacks with tokens that should no longer be accepted.
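The two failure classes the description names, arbitrary revocation and replay, are easiest to see against a small model of a revocation endpoint. The Ruby below is an added example written for this page; it is not Doorkeeper's code and does not reproduce the specific defect in Doorkeeper 4.1.0. It contrasts an endpoint that revokes whatever token value it is handed with one shaped after RFC 7009: the client must authenticate, only that client's own tokens are revoked, the reply is 200 regardless of whether the token existed, and a revoked token is refused on any later use. All names (Client, Token, TokenStore, InsecureRevocation, Rfc7009Revocation, revocation_demo) and the client identifiers and secrets are invented for the example.

```ruby
require 'securerandom'

# Registered OAuth client; a public client has secret nil (names are illustrative).
Client = Struct.new(:id, :secret)
# Issued access token; `revoked` flips to true once revoked.
Token = Struct.new(:value, :client_id, :revoked)

# In-memory stand-in for the authorization server's token table.
class TokenStore
  def initialize
    @tokens = {}
  end

  def issue(client)
    token = Token.new(SecureRandom.hex(16), client.id, false)
    @tokens[token.value] = token
  end

  def find(value)
    @tokens[value]
  end

  # Resource-server check: a token is usable only if known and not revoked,
  # so a revoked token presented again (replay) is refused.
  def valid?(value)
    token = @tokens[value]
    !token.nil? && !token.revoked
  end
end

# WEAK endpoint: revokes whatever token value is posted, with no client
# authentication and no check that the token belongs to the caller.
class InsecureRevocation
  def initialize(store)
    @store = store
  end

  def revoke(params)
    token = @store.find(params[:token])
    token.revoked = true if token
    { status: 200 }
  end
end

# RFC 7009-shaped endpoint: the client must authenticate (sec. 2.1); only a
# token issued to that client is revoked (sec. 2.2); the reply is 200 whether
# or not the token existed, so the endpoint does not leak token validity.
class Rfc7009Revocation
  def initialize(store, clients)
    @store = store
    @clients = clients.map { |c| [c.id, c] }.to_h
  end

  def revoke(params)
    client = authenticate(params[:client_id], params[:client_secret])
    return { status: 401, error: 'invalid_client' } unless client
    token = @store.find(params[:token])
    token.revoked = true if token && token.client_id == client.id
    { status: 200 }
  end

  private

  def authenticate(id, secret)
    client = @clients[id]
    return nil unless client
    return client if client.secret.nil? # public client: client_id only
    secure_compare(client.secret, secret.to_s) ? client : nil
  end

  # Constant-time comparison so the secret check does not leak via timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Demo: an unrelated registered client tries to revoke the victim's token
# through each endpoint; then the victim revokes its own token properly.
def revocation_demo
  victim   = Client.new('victim-app', 'victim-secret')
  attacker = Client.new('evil-app', 'evil-secret')

  weak_store = TokenStore.new
  weak_token = weak_store.issue(victim)
  InsecureRevocation.new(weak_store).revoke(token: weak_token.value)

  store = TokenStore.new
  token = store.issue(victim)
  endpoint = Rfc7009Revocation.new(store, [victim, attacker])
  by_attacker = endpoint.revoke(token: token.value, client_id: attacker.id,
                                client_secret: attacker.secret)
  bad_secret = endpoint.revoke(token: token.value, client_id: victim.id,
                               client_secret: 'wrong')
  survives = store.valid?(token.value)
  endpoint.revoke(token: token.value, client_id: victim.id, client_secret: victim.secret)

  { weak_token_survives: weak_store.valid?(weak_token.value),
    attacker_status: by_attacker[:status], bad_secret_status: bad_secret[:status],
    token_survives_until_owner_revokes: survives,
    token_survives_owner_revoke: store.valid?(token.value) }
end
```

Running `revocation_demo` shows the weak endpoint letting the attacker kill the victim's token, the RFC 7009 endpoint answering 200 to the attacker while leaving the token intact, rejecting the wrong secret with 401, and only the owner's authenticated request making `valid?` return false from then on.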
Predictions
Exploit likelihood
94%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Upgrade doorkeeper to 4.2.0 or later; Debian ships the fix in package version 4.2.0-3 across the tracked releases.
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-6582
Upstream fix release (cve@mitre.org): https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0
Upstream issue (cve@mitre.org): https://github.com/doorkeeper-gem/doorkeeper/issues/875
Disclosure post (cve@mitre.org): http://seclists.org/fulldisclosure/2016/Aug/105
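A quick way to confirm a Rails application is on a fixed release is to read the resolved version out of its Gemfile.lock and compare it with the vulnerable range this page lists (< 4.2.0). The Ruby below is an added example, not from Doorkeeper or any of the sources above; the lockfile text is a constructed sample (including a made-up gem `my_oauth_helper` that merely depends on doorkeeper), and `locked_version` and `doorkeeper_status` are names chosen here.

```ruby
require 'rubygems'

# Range this page lists as vulnerable for the RubyGems package.
VULNERABLE_RANGE = Gem::Requirement.new('< 4.2.0')

# Returns the resolved Gem::Version of `gem_name` from Gemfile.lock text, or
# nil if the gem is not locked. Resolved specs sit under GEM/specs indented by
# exactly four spaces, e.g. "    doorkeeper (4.1.0)"; dependency lines are
# indented by six and carry constraints like "(>= 1.0)", so they do not match.
def locked_version(lockfile_text, gem_name = 'doorkeeper')
  pattern = /\A {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)/
  lockfile_text.each_line do |line|
    m = pattern.match(line)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# :vulnerable, :fixed, or :not_present for the locked doorkeeper version.
def doorkeeper_status(lockfile_text)
  version = locked_version(lockfile_text)
  return :not_present if version.nil?
  VULNERABLE_RANGE.satisfied_by?(version) ? :vulnerable : :fixed
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    doorkeeper (4.1.0)
      railties (>= 4.2)
    my_oauth_helper (0.3.0)
      doorkeeper (>= 1.0)
    railties (5.0.0)
LOCK

if $PROGRAM_NAME == __FILE__
  path = ARGV[0]
  text = path ? File.read(path) : SAMPLE_LOCK
  puts "doorkeeper #{locked_version(text) || 'not locked'}: #{doorkeeper_status(text)}"
end
```

Run it as `ruby check_doorkeeper.rb path/to/Gemfile.lock`; with no argument it evaluates the embedded sample, which reports `vulnerable` because 4.1.0 is below 4.2.0.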
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 4.2.0-3 |
| debian | bullseye | fixed | 4.2.0-3 |
| debian | forky | fixed | 4.2.0-3 |
| debian | sid | fixed | 4.2.0-3 |
| debian | trixie | fixed | 4.2.0-3 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| RubyGems | doorkeeper | >= 1.2.0, < 4.2.0 (versions before 1.2.0 unaffected) | >= 4.2.0 |
| RubyGems | doorkeeper | <4.2.0 | 4.2.0 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| doorkeeper_project | doorkeeper | <= 4.1.0 | 4.2.0 |
References
- http://www.openwall.com/lists/oss-security/2016/08/19/2
- http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html
- http://seclists.org/fulldisclosure/2016/Aug/105
- http://www.securityfocus.com/archive/1/539268/100/0/threaded
- http://www.securityfocus.com/bid/92551
- https://github.com/doorkeeper-gem/doorkeeper/issues/875
- https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0
- https://nvd.nist.gov/vuln/detail/CVE-2016-6582
- https://github.com/advisories/GHSA-3m6r-39p3-jq25
- https://github.com/doorkeeper-gem/doorkeeper
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2016-6582.yml
- https://web.archive.org/web/20170214021758/http://www.securityfocus.com/bid/92551
- https://web.archive.org/web/20201207202519/http://www.securityfocus.com/archive/1/539268/100/0/threaded
- https://security-tracker.debian.org/tracker/CVE-2016-6582
CWEs
CWE-254: 7PK - Security Features