Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8144

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-8144
Last Modified 24 Feb 2015 11:51:28
Published 31 Dec 2014 05:59:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8144

Summary

Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.

Vulnerable Systems

Application

  • Doorkeeper Project Doorkeeper 1.4.0


References

CONFIRM - https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md

XF - doorkeeper-cve20148144-csrf(99342)

MLIST - [oss-security] 20141217 [CVE-2014-8144] CSRF vulnerability in doorkeeper


Last Updated: 27 May 2016 11:07:54