CERTFR-2020-AVI-301
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in Ruby on Rails. They allow an attacker to cause a security problem not specified by the vendor, a security policy bypass and a cross-site request forgery (CSRF).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 6.x prior to 6.0.3.1 |
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 5.x prior to 5.2.4.3 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ruby on Rails versions 6.x ant\u00e9rieures \u00e0 6.0.3.1",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions 5.x ant\u00e9rieures \u00e0 5.2.4.3",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8166"
},
{
"name": "CVE-2020-8165",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8165"
},
{
"name": "CVE-2020-8164",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8164"
},
{
"name": "CVE-2020-8162",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8162"
},
{
"name": "CVE-2020-8167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8167"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-301",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8167 du 18 mai 2020",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8164 du 18 mai 2020",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8162 du 18 mai 2020",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8166 du 18 mai 2020",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8165 du 18 mai 2020",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c"
}
]
}
CVE-2020-8165 (GCVE-0-2020-8165)
Vulnerability from cvelistv5 – Published: 2020-06-19 17:05 – Updated: 2025-05-09 20:03
Summary
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
Severity
No CVSS data available.
CWE
- CWE-502 - Deserialization of Untrusted Data (CWE-502)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | https://github.com/rails/rails | Affected: Fixed in 5.2.4.3, 6.0.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-09T20:03:28.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/413388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"
},
{
"name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
},
{
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
},
{
"name": "openSUSE-SU-2020:1677",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"
},
{
"name": "openSUSE-SU-2020:1679",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250509-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/rails/rails",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 5.2.4.3, 6.0.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data (CWE-502)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-17T11:06:36.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/413388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"
},
{
"name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
},
{
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
},
{
"name": "openSUSE-SU-2020:1677",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"
},
{
"name": "openSUSE-SU-2020:1679",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/rails/rails",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.2.4.3, 6.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data (CWE-502)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/413388",
"refsource": "MISC",
"url": "https://hackerone.com/reports/413388"
},
{
"name": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c",
"refsource": "MISC",
"url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"
},
{
"name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
},
{
"name": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/",
"refsource": "CONFIRM",
"url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
},
{
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
},
{
"name": "DSA-4766",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4766"
},
{
"name": "openSUSE-SU-2020:1677",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"
},
{
"name": "openSUSE-SU-2020:1679",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8165",
"datePublished": "2020-06-19T17:05:30.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2025-05-09T20:03:28.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8164 (GCVE-0-2020-8164)
Vulnerability from cvelistv5 – Published: 2020-06-19 17:04 – Updated: 2024-08-04 09:48
Summary
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.
Severity
No CVSS data available.
CWE
- CWE-502 - Deserialization of Untrusted Data (CWE-502)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | https://github.com/rails/rails | Affected: 5.2.4.3, 6.0.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/292797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"
},
{
"name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
},
{
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
},
{
"name": "openSUSE-SU-2020:1533",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"
},
{
"name": "openSUSE-SU-2020:1536",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"
},
{
"name": "openSUSE-SU-2020:1575",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/rails/rails",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.2.4.3, 6.0.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A deserialization of untrusted data vulnerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data (CWE-502)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-29T14:06:08",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/292797"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"
},
{
"name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
},
{
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
},
{
"name": "openSUSE-SU-2020:1533",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"
},
{
"name": "openSUSE-SU-2020:1536",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"
},
{
"name": "openSUSE-SU-2020:1575",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/rails/rails",
"version": {
"version_data": [
{
"version_value": "5.2.4.3, 6.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A deserialization of untrusted data vulnerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data (CWE-502)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/292797",
"refsource": "MISC",
"url": "https://hackerone.com/reports/292797"
},
{
"name": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY",
"refsource": "MISC",
"url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"
},
{
"name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
},
{
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
},
{
"name": "DSA-4766",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4766"
},
{
"name": "openSUSE-SU-2020:1533",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"
},
{
"name": "openSUSE-SU-2020:1536",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"
},
{
"name": "openSUSE-SU-2020:1575",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8164",
"datePublished": "2020-06-19T17:04:13",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8167 (GCVE-0-2020-8167)
Vulnerability from cvelistv5 – Published: 2020-06-19 17:16 – Updated: 2024-08-04 09:48
Summary
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF) (CWE-352)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | http://github.com/rails/rails | Affected: Fixed in 5.2.4.3, 6.0.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/189878"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "http://github.com/rails/rails",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 5.2.4.3, 6.0.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF vulnerability exists in rails \u003c= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T11:06:22",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/189878"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "http://github.com/rails/rails",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.2.4.3, 6.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF vulnerability exists in rails \u003c= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/189878",
"refsource": "MISC",
"url": "https://hackerone.com/reports/189878"
},
{
"name": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0",
"refsource": "MISC",
"url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0"
},
{
"name": "DSA-4766",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8167",
"datePublished": "2020-06-19T17:16:06",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8166 (GCVE-0-2020-8166)
Vulnerability from cvelistv5 – Published: 2020-07-02 18:35 – Updated: 2024-08-04 09:48
Summary
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF) (CWE-352)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | https://github.com/rails/rails | Affected: Fixed in 5.2.4.3, 6.0.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/732415"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/rails/rails",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 5.2.4.3, 6.0.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T11:06:21",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/732415"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/rails/rails",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.2.4.3, 6.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/732415",
"refsource": "MISC",
"url": "https://hackerone.com/reports/732415"
},
{
"name": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
"refsource": "MISC",
"url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
},
{
"name": "DSA-4766",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8166",
"datePublished": "2020-07-02T18:35:17",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8162 (GCVE-0-2020-8162)
Vulnerability from cvelistv5 – Published: 2020-06-19 17:02 – Updated: 2024-08-04 09:48
Summary
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Severity
No CVSS data available.
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security (CWE-602)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | https://github.com/rails/rails | Affected: rails >= 5.2.4.3, rails >= 6.0.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/789579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/rails/rails",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "rails \u003e= 5.2.4.3, rails \u003e= 6.0.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A client side enforcement of server side security vulnerability exists in rails \u003c 5.2.4.2 and rails \u003c 6.0.3.1 ActiveStorage\u0027s S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "Client-Side Enforcement of Server-Side Security (CWE-602)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T11:06:23",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/789579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ"
},
{
"name": "DSA-4766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/rails/rails",
"version": {
"version_data": [
{
"version_value": "rails \u003e= 5.2.4.3, rails \u003e= 6.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A client side enforcement of server side security vulnerability exists in rails \u003c 5.2.4.2 and rails \u003c 6.0.3.1 ActiveStorage\u0027s S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Client-Side Enforcement of Server-Side Security (CWE-602)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/789579",
"refsource": "MISC",
"url": "https://hackerone.com/reports/789579"
},
{
"name": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ",
"refsource": "MISC",
"url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ"
},
{
"name": "DSA-4766",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8162",
"datePublished": "2020-06-19T17:02:42",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}