How severe is CVE-2020-15223?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2020-15223?

This is classified as CWE-755, which is a common weakness in software security.

CVE-2020-15223 - HIGH Severity | CVSS 8

Vulnerability Description

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0

Related Vulnerabilities

CVE-2024-9413

HIGH

CVSS:8.0(High)

The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in ...

CWE-7552024

CVE-2018-8039

HIGH

CVSS:8.1(High)

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system prop...

CWE-7552018

CVE-2022-1965

HIGH

CVSS:8.1(High)

Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file r...

CWE-7552022

CVE-2024-3150

HIGH

CVSS:8.1(High)

In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from ...

CWE-7552024

CVE-2017-0193

HIGH

CVSS:7.8(High)

Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016...

CWE-7552017

CVE-2017-0759

HIGH

CVSS:7.8(High)

A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.

CWE-7552017