CVE-2016-6582 — CRITICAL (9.1)

Q: How severe is CVE-2016-6582?

CVE-2016-6582 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-6582?

Check the references section above for vendor advisories and patch information. Affected products include: Doorkeeper Project Doorkeeper.

Vulnerability Description

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

CVSS Score

9.1

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Doorkeeper Project	Doorkeeper	<= 4.1.0

Related Weaknesses (CWE)

CWE-254

References

http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.htThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2016/Aug/105Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/archive/1/539268/100/0/threaded
http://www.securityfocus.com/bid/92551Third Party AdvisoryVDB Entry
https://github.com/doorkeeper-gem/doorkeeper/issues/875Issue TrackingPatchThird Party Advisory
https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0Issue TrackingPatchRelease Notes
http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.htThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2016/Aug/105Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/archive/1/539268/100/0/threaded
http://www.securityfocus.com/bid/92551Third Party AdvisoryVDB Entry
https://github.com/doorkeeper-gem/doorkeeper/issues/875Issue TrackingPatchThird Party Advisory
https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0Issue TrackingPatchRelease Notes

FAQ

What is CVE-2016-6582?

CVE-2016-6582 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specificati...

How severe is CVE-2016-6582?

CVE-2016-6582 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-6582?

Check the references section above for vendor advisories and patch information. Affected products include: Doorkeeper Project Doorkeeper.