VDB
CVE-2016-6582
PUBLISHED
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
Risk Scores
EPSS Score: 0.99% (77.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | ruby-doorkeeper | 2.2.1-1, 0, * |
Exploit Intelligence
- 92551 (circl)
- http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html (circl)
- 20160818 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method (circl)
- 20160822 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method (circl)
- https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0 (circl)
- https://github.com/doorkeeper-gem/doorkeeper/issues/875 (circl)
Timeline
- Jan 23, 2017 CVE Published
- Oct 9, 2018 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-6582 (third-party-advisory)
- https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53 (third-party-advisory)
- https://github.com/doorkeeper-gem/doorkeeper/issues/875 (third-party-advisory)
- https://www.cve.org/CVERecord?id=CVE-2016-6582 (third-party-advisory)
- https://ubuntu.com/security/notices/USN-7394-1 (vendor-advisory)