Vulnerability-Lookup

CVE-2018-1000088 (GCVE-0-2018-1000088)

Vulnerability from cvelistv5 – Published: 2018-03-13 15:00 – Updated: 2024-08-05 12:33

Summary

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CNVD-2018-03476

Vulnerability from cnvd - Published: 2018-02-27

Title

Doorkeeper gem跨站脚本漏洞

Description

Doorkeeper是基于Ruby语言的开源Web应用框架中的OAuth 2（开放授权协议）提供者。 Doorkeeper gem 2.1.0版本至4.2.5版本存在跨站脚本漏洞，攻击者可利用该漏洞插入跨站代码，获取管理员cookie等敏感信息。

Severity

中

Patch Name

Doorkeeper gem跨站脚本漏洞的补丁

Patch Description

Doorkeeper是基于Ruby语言的开源Web应用框架中的OAuth 2（开放授权协议）提供者。 Doorkeeper gem 2.1.0版本至4.2.5版本存在跨站脚本漏洞，攻击者可利用该漏洞插入跨站代码，获取管理员cookie等敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://github.com/doorkeeper-gem/doorkeeper/issues/969

Reference

http://seclists.org/fulldisclosure/2018/Feb/70

Impacted products

Name
Doorkeeper-gem Doorkeeper >=2.1.0，<=4.2.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1000088"
    }
  },
  "description": "Doorkeeper\u662f\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\u4e2d\u7684OAuth 2\uff08\u5f00\u653e\u6388\u6743\u534f\u8bae\uff09\u63d0\u4f9b\u8005\u3002 \r\n\r\nDoorkeeper gem 2.1.0\u7248\u672c\u81f34.2.5\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d2\u5165\u8de8\u7ad9\u4ee3\u7801\uff0c\u83b7\u53d6\u7ba1\u7406\u5458cookie\u7b49\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Gauthier Monserand",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://github.com/doorkeeper-gem/doorkeeper/issues/969",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-03476",
  "openTime": "2018-02-27",
  "patchDescription": "Doorkeeper\u662f\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\u4e2d\u7684OAuth 2\uff08\u5f00\u653e\u6388\u6743\u534f\u8bae\uff09\u63d0\u4f9b\u8005\u3002 \r\n\r\nDoorkeeper gem 2.1.0\u7248\u672c\u81f34.2.5\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d2\u5165\u8de8\u7ad9\u4ee3\u7801\uff0c\u83b7\u53d6\u7ba1\u7406\u5458cookie\u7b49\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Doorkeeper gem\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Doorkeeper-gem Doorkeeper \u003e=2.1.0\uff0c\u003c=4.2.5"
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2018/Feb/70",
  "serverity": "\u4e2d",
  "submitTime": "2018-02-26",
  "title": "Doorkeeper gem\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

GHSA-HWHH-2FWM-CFGW

Vulnerability from github – Published: 2018-03-13 20:44 – Updated: 2022-04-26 17:36

Summary

Doorkeeper is vulnerable to stored XSS and code execution

Details

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.5"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "doorkeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "4.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1000088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:41:16Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view\u0027s OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client\u0027s name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.",
  "id": "GHSA-hwhh-2fwm-cfgw",
  "modified": "2022-04-26T17:36:10Z",
  "published": "2018-03-13T20:44:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000088"
    },
    {
      "type": "WEB",
      "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/969"
    },
    {
      "type": "WEB",
      "url": "https://github.com/doorkeeper-gem/doorkeeper/pull/970"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/pull/328/files"
    },
    {
      "type": "WEB",
      "url": "https://github.com/doorkeeper-gem/doorkeeper/commit/7b1a8373ecd69768c896000c7971dbf48948c1b5"
    },
    {
      "type": "WEB",
      "url": "https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/doorkeeper-gem/doorkeeper"
    },
    {
      "type": "WEB",
      "url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2018-1000088.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Doorkeeper is vulnerable to stored XSS and code execution"
}

GSD-2018-1000088

Vulnerability from gsd - Updated: 2018-02-21 00:00

Details

Stored XSS on the OAuth Client's name will cause users being prompted for consent via the "implicit" grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link for the malicious OAuth client. Because of how the links work, a user cannot tell if a link is malicious or not without first visiting the page with the XSS payload. If 3rd parties are allowed to create OAuth clients in the app using Doorkeeper, upgrade to the patched versions immediately. Additionally there is stored XSS in the native_redirect_uri form element. DWF has assigned CVE-2018-1000088.

Aliases

CVE-2018-1000088

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1000088",
    "description": "Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view\u0027s OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client\u0027s name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.",
    "id": "GSD-2018-1000088"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "doorkeeper",
            "purl": "pkg:gem/doorkeeper"
          }
        }
      ],
      "aliases": [
        "CVE-2018-1000088",
        "GHSA-hwhh-2fwm-cfgw"
      ],
      "details": "Stored XSS on the OAuth Client\u0027s name will cause users being prompted for\nconsent via the \"implicit\" grant type to execute the XSS payload.\n\nThe XSS attack could gain access to the user\u0027s active session, resulting in\naccount compromise.\n\nAny user is susceptible if they click the authorization link for the\nmalicious OAuth client. Because of how the links work, a user cannot tell if\na link is malicious or not without first visiting the page with the XSS\npayload.\n\nIf 3rd parties are allowed to create OAuth clients in the app using\nDoorkeeper, upgrade to the patched versions immediately.\n\nAdditionally there is stored XSS in the native_redirect_uri form element.\n\nDWF has assigned CVE-2018-1000088.\n",
      "id": "GSD-2018-1000088",
      "modified": "2018-02-21T00:00:00.000Z",
      "published": "2018-02-21T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper/"
        },
        {
          "type": "WEB",
          "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/969"
        },
        {
          "type": "WEB",
          "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/970"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 7.6,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Doorkeeper gem has stored XSS on authorization consent view"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "DATE_ASSIGNED": "2/17/2018 11:44:44",
        "ID": "CVE-2018-1000088",
        "REQUESTER": "me@justinbull.ca",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view\u0027s OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client\u0027s name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/rubysec/ruby-advisory-db/pull/328/files",
            "refsource": "MISC",
            "url": "https://github.com/rubysec/ruby-advisory-db/pull/328/files"
          },
          {
            "name": "https://github.com/doorkeeper-gem/doorkeeper/issues/969",
            "refsource": "MISC",
            "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/969"
          },
          {
            "name": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0",
            "refsource": "MISC",
            "url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0"
          },
          {
            "name": "https://github.com/doorkeeper-gem/doorkeeper/pull/970",
            "refsource": "MISC",
            "url": "https://github.com/doorkeeper-gem/doorkeeper/pull/970"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2018-1000088",
      "cvss_v3": 7.6,
      "date": "2018-02-21",
      "description": "Stored XSS on the OAuth Client\u0027s name will cause users being prompted for\nconsent via the \"implicit\" grant type to execute the XSS payload.\n\nThe XSS attack could gain access to the user\u0027s active session, resulting in\naccount compromise.\n\nAny user is susceptible if they click the authorization link for the\nmalicious OAuth client. Because of how the links work, a user cannot tell if\na link is malicious or not without first visiting the page with the XSS\npayload.\n\nIf 3rd parties are allowed to create OAuth clients in the app using\nDoorkeeper, upgrade to the patched versions immediately.\n\nAdditionally there is stored XSS in the native_redirect_uri form element.\n\nDWF has assigned CVE-2018-1000088.\n",
      "gem": "doorkeeper",
      "ghsa": "hwhh-2fwm-cfgw",
      "patched_versions": [
        "\u003e= 4.2.6"
      ],
      "related": {
        "url": [
          "https://github.com/doorkeeper-gem/doorkeeper/issues/969",
          "https://github.com/doorkeeper-gem/doorkeeper/issues/970"
        ]
      },
      "title": "Doorkeeper gem has stored XSS on authorization consent view",
      "unaffected_versions": [
        "\u003c 2.1.0"
      ],
      "url": "https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper/"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=2.1.0 \u003c4.2.6",
          "affected_versions": "All versions starting from 2.1.0 before 4.2.6",
          "credit": "Gauthier Monserand",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2018-04-11",
          "description": "Stored XSS on the OAuth Client\u0027s name will cause users being prompted for consent via the `implicit` grant type to execute the XSS payload. The XSS attack could gain access to the user\u0027s active session, resulting in account compromise. Any user is susceptible if they click the authorization link for the malicious OAuth client. Because of how the links work, a user cannot tell if a link is malicious or not without first visiting the page with the XSS payload. In addition, there is stored XSS in the `native_redirect_uri` form element.",
          "fixed_versions": [
            "4.2.6"
          ],
          "identifier": "CVE-2018-1000088",
          "identifiers": [
            "CVE-2018-1000088"
          ],
          "not_impacted": "All versions before 2.1.0, all versions starting from 4.2.6",
          "package_slug": "gem/doorkeeper",
          "pubdate": "2018-03-13",
          "solution": "Upgrade to version 4.2.6 or above.",
          "title": "XSS on authorization consent view",
          "urls": [
            "https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper/",
            "https://github.com/doorkeeper-gem/doorkeeper/issues/969",
            "https://github.com/doorkeeper-gem/doorkeeper/pull/970"
          ],
          "uuid": "6d348d35-9191-4320-93d5-d12b7a928631"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.5",
                "versionStartIncluding": "2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-1000088"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view\u0027s OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client\u0027s name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rubysec/ruby-advisory-db/pull/328/files",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/rubysec/ruby-advisory-db/pull/328/files"
            },
            {
              "name": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0",
              "refsource": "MISC",
              "tags": [
                "Release Notes"
              ],
              "url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0"
            },
            {
              "name": "https://github.com/doorkeeper-gem/doorkeeper/pull/970",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://github.com/doorkeeper-gem/doorkeeper/pull/970"
            },
            {
              "name": "https://github.com/doorkeeper-gem/doorkeeper/issues/969",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/969"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2018-04-11T13:48Z",
      "publishedDate": "2018-03-13T15:29Z"
    }
  }
}

FKIE_CVE-2018-1000088

Vulnerability from fkie_nvd - Published: 2018-03-13 15:29 - Updated: 2024-11-21 03:39

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	https://github.com/doorkeeper-gem/doorkeeper/issues/969	Issue Tracking
cve@mitre.org	https://github.com/doorkeeper-gem/doorkeeper/pull/970	Issue Tracking
cve@mitre.org	https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0	Release Notes
cve@mitre.org	https://github.com/rubysec/ruby-advisory-db/pull/328/files	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/doorkeeper-gem/doorkeeper/issues/969	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://github.com/doorkeeper-gem/doorkeeper/pull/970	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rubysec/ruby-advisory-db/pull/328/files	Third Party Advisory

Impacted products

	Vendor	Product	Version
	doorkeeper_project	doorkeeper	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "36AA1694-5C54-45E3-85B5-2DF8C338EFE3",
              "versionEndIncluding": "4.2.5",
              "versionStartIncluding": "2.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view\u0027s OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client\u0027s name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0."
    },
    {
      "lang": "es",
      "value": "Doorkeeper, de la versi\u00f3n 2.1.0 hasta la 4.2.5, contiene una vulnerabilidad de Cross-Site Scripting (XSS) en el formulario de aplicaci\u00f3n OAuth de la vista web, concretamente en la vista de mensaje de autorizaci\u00f3n, que puede resultar en Cross-Site Scripting (XSS) persistente en el nombre del cliente OAuth. Esto har\u00e1 que los usuarios que interact\u00faen con el ejecuten cargas \u00fatiles. El ataque parece ser explotable si la v\u00edctima es enga\u00f1ada para que haga clic en un enlace opaco a la vista web que ejecuta la carga \u00fatil XSS. Una versi\u00f3n maliciosa es virtualmente imposible de distinguir de un enlace normal. La vulnerabilidad parece haber sido solucionada en las versiones 4.2.6 y 4.3.0."
    }
  ],
  "id": "CVE-2018-1000088",
  "lastModified": "2024-11-21T03:39:37.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-13T15:29:01.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/969"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/doorkeeper-gem/doorkeeper/pull/970"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/rubysec/ruby-advisory-db/pull/328/files"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/doorkeeper-gem/doorkeeper/issues/969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/doorkeeper-gem/doorkeeper/pull/970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.3.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/rubysec/ruby-advisory-db/pull/328/files"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1000088 (GCVE-0-2018-1000088)

CNVD-2018-03476

GHSA-HWHH-2FWM-CFGW

GSD-2018-1000088

FKIE_CVE-2018-1000088

Tags

Sightings

Nomenclature