CVE-2023-34246

Published: 12 June 2023

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.

Notes

Author	Note
sbeattie	need to verify ruby-doorkeeper-openid-connect as well

Priority

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package	Release	Status
ruby-doorkeeper Launchpad, Ubuntu, Debian	bionic	Released (4.3.1-1ubuntu0.1~esm1) Available with Ubuntu Pro
	focal	Released (5.0.2-2ubuntu0.1)
	jammy	Released (5.5.0-2ubuntu0.22.04.1)
	kinetic	Released (5.5.0-2ubuntu0.22.10.1)
	lunar	Released (5.5.0-2ubuntu0.23.04.1)
	mantic	Needs triage
	trusty	Does not exist
	upstream	Released (5.6.6)
	xenial	Released (2.2.1-1ubuntu0.1~esm1) Available with Ubuntu Pro
	Patches: upstream: https://github.com/doorkeeper-gem/doorkeeper/pull/1646/commits/f202079baac4c978a01ccc9a45d78fde368ac907
ruby-doorkeeper-openid-connect Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	jammy	Not vulnerable (code not present)
	kinetic	Not vulnerable (code not present)
	lunar	Not vulnerable (code not present)
	mantic	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

Severity score breakdown

Parameter	Value
Base score	6.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	Low
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›