Access Token Security Flaw in Omniauth-Facebook for RubyGem
CVE-2013-4593

7.5HIGH

Key Information:

Vendor

Omniauth-facebook

Status
Omniauth-facebook
Vendor
CVE Published:
11 December 2019

What is CVE-2013-4593?

The omniauth-facebook RubyGem is susceptible to a security flaw that allows unauthorized access through an access token. This vulnerability could enable attackers to gain illicit access to user information by circumventing proper authentication. Developers using this library should ensure they upgrade to the latest version to mitigate the risks associated with potential exploitation.

Affected Version(s)

omniauth-facebook <= 1.5.0

References

https://security-tracker.debian.org/tracker/CVE-2013-4593
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2013-4593
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/11/18/6
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.