
Debian DLA-3494-1 : ruby-doorkeeper – LTS security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3494 advisory.

– Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation; their identity cannot be assured. This issue is fixed in version 5.6.6. (CVE-2023-34246)
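An illustrative Ruby model of the consent-reuse decision the advisory describes, added here as an example and not Doorkeeper's own code: the `Client` and `Grant` structs, the `PRIOR_GRANTS` store and the two `skip_consent_*` helpers are assumptions made for this example, and the grant data is constructed.

```ruby
# Illustrative model (not Doorkeeper's code) of the consent-reuse decision
# behind CVE-2023-34246: an OAuth 2 authorization server may skip the consent
# screen when the resource owner already approved the same client and scopes.
# That shortcut is only safe when the client's identity has been proven, i.e.
# for confidential clients that authenticate with a secret; a public client
# presents only a client_id that anyone can copy.

Client = Struct.new(:id, :confidential, keyword_init: true)
Grant  = Struct.new(:client_id, :resource_owner_id, :scopes, :revoked, keyword_init: true)

# Hypothetical in-memory store of earlier grants (constructed sample data).
PRIOR_GRANTS = [
  Grant.new(client_id: "web-app",    resource_owner_id: 42, scopes: %w[read write], revoked: false),
  Grant.new(client_id: "mobile-app", resource_owner_id: 42, scopes: %w[read],       revoked: false),
].freeze

# True when a live grant exists for this client and resource owner that
# already covers every requested scope.
def matching_grant?(client, resource_owner_id, requested_scopes)
  PRIOR_GRANTS.any? do |g|
    !g.revoked &&
      g.client_id == client.id &&
      g.resource_owner_id == resource_owner_id &&
      (requested_scopes - g.scopes).empty?
  end
end

# Behaviour the advisory describes for versions before 5.6.6: any previously
# approved client skips consent, including public clients whose client_id
# cannot be authenticated.
def skip_consent_vulnerable?(client, resource_owner_id, scopes)
  matching_grant?(client, resource_owner_id, scopes)
end

# Hardened decision: reuse prior consent only for confidential clients.
# Public clients always go back through the consent screen.
def skip_consent_fixed?(client, resource_owner_id, scopes)
  client.confidential && matching_grant?(client, resource_owner_id, scopes)
end
```

The same check is worth applying in any authorization server that remembers prior approvals, not only Doorkeeper: a remembered consent is only as trustworthy as the client authentication that backs it.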

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
