CVE-2018-1000088

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000088

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000088.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000088

Aliases

GHSA-hwhh-2fwm-cfgw

Related

UBUNTU-CVE-2018-1000088

Published

2018-03-13T15:29:01Z

Modified

2024-09-18T02:53:44.324319Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.

References

Affected packages

Debian:11 / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-doorkeeper

Package

Name: ruby-doorkeeper
Purl: pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/doorkeeper-gem/doorkeeper

Affected ranges

Type: GIT
Repo: https://github.com/doorkeeper-gem/doorkeeper
Events: Introduced

1415013c652009340717d173dcb72bf6d2d119b5

Last affected

23a02a807cbe6a1bd94aa660a440cb158cad6184

Affected versions

v2.*

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.2.0

v2.2.1

v3.*

v3.0.0

v3.0.0.rc1

v3.0.0.rc2

v3.0.1

v3.1.0

v4.*

v4.0.0

v4.0.0.rc1

v4.0.0.rc2

v4.0.0.rc3

v4.0.0.rc4

v4.1.0

v4.2.0

v4.2.5