CVE-2020-15223

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0
Configurations

Configuration 1 (hide)

cpe:2.3:a:ory:fosite:*:*:*:*:*:*:*:*

History

21 Oct 2022, 18:09

Type Values Removed Values Added
CWE CWE-755 CWE-754

Information

Published : 2020-09-24 17:15

Updated : 2024-02-04 21:23


NVD link : CVE-2020-15223

Mitre link : CVE-2020-15223

CVE.ORG link : CVE-2020-15223


JSON object : View

Products Affected

ory

  • fosite
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-755

Improper Handling of Exceptional Conditions