Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
f8d71631
Commit
f8d71631
authored
Apr 22, 2020
by
Juan Broullon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix doorkeeper CVE-2020-10187
parent
d60e8d68
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
33 additions
and
0 deletions
+33
-0
app/controllers/oauth/authorized_applications_controller.rb
app/controllers/oauth/authorized_applications_controller.rb
+7
-0
changelogs/unreleased/security-fix-CVE-2020-10187.yml
changelogs/unreleased/security-fix-CVE-2020-10187.yml
+5
-0
spec/controllers/oauth/authorized_applications_controller_spec.rb
...trollers/oauth/authorized_applications_controller_spec.rb
+21
-0
No files found.
app/controllers/oauth/authorized_applications_controller.rb
View file @
f8d71631
...
...
@@ -5,6 +5,13 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
layout
'profile'
def
index
respond_to
do
|
format
|
format
.
html
{
render
"errors/not_found"
,
layout:
"errors"
,
status: :not_found
}
format
.
json
{
render
json:
""
,
status: :not_found
}
end
end
def
destroy
if
params
[
:token_id
].
present?
current_resource_owner
.
oauth_authorized_tokens
.
find
(
params
[
:token_id
]).
revoke
...
...
changelogs/unreleased/security-fix-CVE-2020-10187.yml
0 → 100644
View file @
f8d71631
---
title
:
Fix doorkeeper CVE-2020-10187
merge_request
:
author
:
type
:
security
spec/controllers/oauth/authorized_applications_controller_spec.rb
0 → 100644
View file @
f8d71631
# frozen_string_literal: true
require
'spec_helper'
describe
Oauth
::
AuthorizedApplicationsController
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:guest
)
{
create
(
:user
)
}
let
(
:application
)
{
create
(
:oauth_application
,
owner:
guest
)
}
before
do
sign_in
(
user
)
end
describe
'GET #index'
do
it
'responds with 404'
do
get
:index
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment