UBUNTU-CVE-2023-34246

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-34246

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-34246.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-34246

Related

Published

2023-06-12T17:15:00Z

Modified

2023-06-12T17:15:00Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/ubuntu/ruby-doorkeeper?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.1-1ubuntu0.1~esm1

Affected versions

2.*

2.2.1-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "binary_version": "2.2.1-1ubuntu0.1~esm1",
            "binary_name": "ruby-doorkeeper"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/ubuntu/ruby-doorkeeper?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1ubuntu0.1~esm1

Affected versions

4.*

4.2.0-3

4.3.1-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "binary_version": "4.3.1-1ubuntu0.1~esm1",
            "binary_name": "ruby-doorkeeper"
        }
    ]
}

Ubuntu:20.04:LTS / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/ubuntu/ruby-doorkeeper?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.2-2ubuntu0.1

Affected versions

4.*

4.4.2-1

5.*

5.0.2-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "binary_version": "5.0.2-2ubuntu0.1",
            "binary_name": "ruby-doorkeeper"
        }
    ]
}

Ubuntu:22.04:LTS / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/ubuntu/ruby-doorkeeper?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.0-2ubuntu0.22.04.1

Affected versions

5.*

5.3.0-2

5.5.0-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "binary_version": "5.5.0-2ubuntu0.22.04.1",
            "binary_name": "ruby-doorkeeper"
        }
    ]
}

Ubuntu:24.04:LTS / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/ubuntu/ruby-doorkeeper?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.6-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "binary_version": "5.6.6-2",
            "binary_name": "ruby-doorkeeper"
        }
    ]
}