RubySec

Providing security resources for the Ruby community

OSVDB-118830 (doorkeeper): Doorkeeper Gem for Ruby stores sensitive information in production logs

ADVISORIES

  • OSVDB-118830

GEM

doorkeeper

PATCHED VERSIONS

  • ~> 1.4.2
  • >= 2.1.2

DESCRIPTION

The Doorkeeper gem for Ruby contains a flaw in lib/doorkeeper/engine.rb: the program stores sensitive information in production logs. This may allow a local attacker to gain access to sensitive information.
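
The patched ranges listed above can be checked against a project's Gemfile.lock. The following is an added example, not code from RubySec or Doorkeeper. The function names and the sample lockfile are constructed for illustration, and it assumes any version outside the patched ranges is affected, since this page lists no unaffected versions.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Patched ranges exactly as listed in this advisory.
PATCHED = ["~> 1.4.2", ">= 2.1.2"].map { |r| Gem::Requirement.new(r) }

# A version is fixed if it satisfies ANY one of the patched ranges.
# "~> 1.4.2" means >= 1.4.2 and < 1.5, so it covers only the 1.4.x line;
# 2.0.x and 2.1.0-2.1.1 fall between the two ranges and are not fixed.
def patched?(version)
  v = Gem::Version.new(version)
  PATCHED.any? { |req| req.satisfied_by?(v) }
end

# Pull the resolved doorkeeper version out of Gemfile.lock text.
# Resolved gems sit at four spaces of indent under "specs:"; the
# DEPENDENCIES entry has a different indent and carries a constraint.
def locked_doorkeeper_version(lockfile_text)
  m = lockfile_text.match(/^ {4}doorkeeper \(([^)\s]+)\)\s*$/)
  m && m[1]
end

# Returns :absent, :patched or :vulnerable for a lockfile's contents.
def audit(lockfile_text)
  version = locked_doorkeeper_version(lockfile_text)
  return :absent if version.nil?
  patched?(version) ? :patched : :vulnerable
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      doorkeeper (2.1.1)
        railties (>= 3.1)
      rake (10.4.2)

  DEPENDENCIES
    doorkeeper (~> 2.1)
LOCK

if __FILE__ == $PROGRAM_NAME
  puts "sample lockfile: #{audit(SAMPLE_LOCK)}"
  %w[1.4.1 1.4.2 2.0.0 2.1.2].each do |v|
    puts "doorkeeper #{v}: #{patched?(v) ? 'patched' : 'vulnerable'}"
  end
end
```

Upgrading to a patched version stops new entries from being written; it does not remove sensitive information already present in existing production logs.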