Incorrect Access Control in Doorkeeper Token Revocation API
CVE-2018-1000211 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.
Learn more about our Api Penetration Testing.