Home > Vulnerability Database > CVE-2023-34246

Mend.io Vulnerability Database

CVE-2023-34246

Good to know:

Date: June 12, 2023

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.

Language: Ruby

Severity Score

8.7

Related Resources (9)

Url: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-34246

Url: https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v5.6.6

Url: https://www.rfc-editor.org/rfc/rfc8252#section-8.6

Url: https://lists.debian.org/debian-lts-announce/2023/07/msg00016.html

Url: https://github.com/doorkeeper-gem/doorkeeper/issues/1589

Url: https://security-tracker.debian.org/tracker/CVE-2023-34246

Url: https://github.com/doorkeeper-gem/doorkeeper/pull/1646

Url: https://www.mend.io/vulnerability-database/CVE-2023-34246

Severity Score

8.7

Weakness Type (CWE)

Authentication Issues

CWE-287

Top Fix

Upgrade Version

Upgrade to version doorkeeper - 5.6.6

Learn More

CVSS v3.1

Base Score:	8.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-34246

Good to know:

Date: June 12, 2023

Language: Ruby

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?