CVE-2020-15223

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15223

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15223.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-15223

Aliases

Related

GHSA-7mqr-2v3q-v2wm

Published

2020-09-24T17:15:13Z

Modified

2025-01-08T10:27:44.337908Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0

References

Affected packages

Git / github.com/ory/fosite

Affected ranges

Type: GIT
Repo: https://github.com/ory/fosite
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

03dd55813f5521985f7dd64277b7ba0cf1441319

Fixed

03dd55813f5521985f7dd64277b7ba0cf1441319

Affected versions

v0.*

v0.1.0

v0.10.0

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.11.4

v0.12.0

v0.13.0

v0.13.1

v0.14.0

v0.14.1

v0.14.2

v0.15.0

v0.15.1

v0.15.2

v0.15.3

v0.15.4

v0.15.5

v0.15.6

v0.16.0

v0.16.1

v0.16.2

v0.16.3

v0.16.4

v0.16.5

v0.17.0

v0.17.1

v0.17.2

v0.18.0

v0.18.1

v0.19.0

v0.19.1

v0.19.2

v0.19.3

v0.19.4

v0.19.5

v0.19.6

v0.19.7

v0.19.8

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.20.0

v0.20.1

v0.20.2

v0.20.3

v0.21.0

v0.21.1

v0.21.2

v0.21.3

v0.21.4

v0.21.5

v0.22.0

v0.23.0

v0.24.0

v0.25.0

v0.25.1

v0.26.0

v0.26.1

v0.27.0

v0.27.1

v0.27.2

v0.27.3

v0.27.4

v0.28.0

v0.28.1

v0.29.0

v0.29.1

v0.29.2

v0.29.3

v0.29.4

v0.29.5

v0.29.6

v0.29.7

v0.29.8

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.30.0

v0.30.1

v0.30.2

v0.30.3

v0.30.4

v0.30.5

v0.30.6

v0.31.0

v0.31.1

v0.31.2

v0.31.3

v0.32.0

v0.32.1

v0.32.2

v0.32.3

v0.32.4

v0.33.0

v0.4.0

v0.5.0

v0.5.1

v0.6.0

v0.6.1

v0.6.10

v0.6.11

v0.6.12

v0.6.13

v0.6.14

v0.6.15

v0.6.17

v0.6.18

v0.6.19

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.6.9

v0.7.0

v0.8.0

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7