CVE-2019-9837

MEDIUM6.1EPSS 0.36%

Doorkeeper-openid_connect contains Open Redirect

Published: 3/25/2019Modified: 4/28/2026

Also known as:GHSA-vv4c-g6q7-p3q7DEBIAN-CVE-2019-9837

Description

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.

Affected packages (2)

Debian/ruby-doorkeeper-openid-connectfrom 0, < 1.5.5-1
RubyGems/doorkeeper-openid_connect>= 1.4.0, < 1.5.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-9837
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-9837
PATCHhttps://github.com/doorkeeper-gem/doorkeeper-openid_connect
WEBhttps://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/master/CHANGELOG.md
WEBhttps://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
WEBhttps://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66