Incorrect Access Control in Doorkeeper Token Revocation API

Incorrect Access Control in Doorkeeper Token Revocation API

CVE-2018-1000211 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.

Learn more about our Api Penetration Testing.