CVE-2018-1000211: Incorrect Permission Assignment for Critical Resource

July 13, 2018 (updated October 3, 2019)

Doorkeeper contains a vulnerability in Token revocation API’s authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.

References

nvd.nist.gov/vuln/detail/CVE-2018-1000211

Detect and mitigate CVE-2018-1000211 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →