CVE-2014-8144 – Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.

Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8144

Reference (s):

• https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md
• MLIST:[oss-security] 20141217 [CVE-2014-8144] CSRF vulnerability in doorkeeper
• URL: http://seclists.org/oss-sec/2014/q4/1076
• XF:doorkeeper-cve20148144-csrf(99342)
• URL: https://exchange.xforce.ibmcloud.com/vulnerabilities/99342