oss-sec mailing list archives
CSRF vulnerability in doorkeeper OAuth provider rubygem
From: Tute Costa <tute () thoughtbot com>
Date: Wed, 17 Dec 2014 12:57:44 -0500
Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier allows remote attackers to hijack the user's OAuth autorization code. This vulnerability has been assigned the CVE identifier CVE-2012-5664. Versions Affected: 1.4.0 and below Fixed Versions: 1.4.1, 2.0.0 Impact ------ Doorkeeper's endpoints didn't have CSRF protection. Any HTML document on the Internet can then read a user's authorization code with arbitrary scope from any Doorkeeper-compatible Rails app you are logged in. Releases -------- The 1.4.1 and 2.0.0 releases are available at https://rubygems.org/gems/doorkeeper and https://github.com/doorkeeper-gem/doorkeeper. Upgrade Process --------------- Upgrade doorkeeper version at least to 1.4.1. Workarounds ----------- There are no feasible workarounds for this vulnerability. Credits ------- Thanks to Sergey Belov of DigitalOcean for finding the vulnerability, Phill Baker of DigitalOcean for reporting and fixing it, and to Egor Homakov of Sakurity.com for raising awareness.
Current thread:
- CSRF vulnerability in doorkeeper OAuth provider rubygem Tute Costa (Dec 17)