CVE-2013-4593 (omniauth-facebook): omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass

November 14th, 2013

ADVISORIES

CVE-2013-4593 (NVD)
OSVDB-99888

GEM

omniauth-facebook

SEVERITY

CVSS v2.0: 6.8 (Medium)

PATCHED VERSIONS

>= 1.5.1

DESCRIPTION

omniauth-facebook Gem for Ruby contains a flaw that is due to the application supporting passing the access token via the URL. This may allow a remote attacker to bypass authentication and authenticate as another user.

RubySec

CVE-2013-4593 (omniauth-facebook): omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories