cve-2021-22942

Vulnerability from cvelistv5

Published

2021-10-18 00:00

Modified

2024-08-03 18:58

Severity ?

Summary

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

References

URL	Tags
support@hackerone.com	http://www.openwall.com/lists/oss-security/2021/12/14/5	Mailing List, Patch, Third Party Advisory
support@hackerone.com	https://security.netapp.com/advisory/ntap-20240202-0005/
support@hackerone.com	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/	Mitigation, Vendor Advisory
support@hackerone.com	https://www.debian.org/security/2023/dsa-5372
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/14/5	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240202-0005/
af854a3a-2127-422b-91ae-364da2661108	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5372

Impacted products

Vendor

Product

Version

▼

n/a

https://github.com/rails/rails

Version: 6.1.4.1, 6.0.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.009Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"
          },
          {
            "name": "[oss-security] 20211214 [CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5"
          },
          {
            "name": "DSA-5372",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5372"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240202-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "6.1.4.1, 6.0.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A possible open redirect vulnerability in the Host Authorization middleware in Action Pack \u003e= 6.0.0 that could allow attackers to redirect users to a malicious website."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "Open Redirect (CWE-601)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-02T14:06:25.426854",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"
        },
        {
          "name": "[oss-security] 20211214 [CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5"
        },
        {
          "name": "DSA-5372",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5372"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240202-0005/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22942",
    "datePublished": "2021-10-18T00:00:00",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:58:26.009Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.0.4.1\", \"matchCriteriaId\": \"8AB5441B-36FB-4F96-B958-E36F4A15E510\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.0\", \"versionEndExcluding\": \"6.1.4.1\", \"matchCriteriaId\": \"9D495715-8C1F-4734-AA73-A6F82E181AF2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A possible open redirect vulnerability in the Host Authorization middleware in Action Pack \u003e= 6.0.0 that could allow attackers to redirect users to a malicious website.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una posible vulnerabilidad de redireccionamiento abierto en el middleware Host Authorization de Action Pack versiones posteriores a 6.0.0 incluy\\u00e9ndola, que podr\\u00eda permitir a atacantes redirigir a usuarios a un sitio web malicioso\"}]",
      "id": "CVE-2021-22942",
      "lastModified": "2024-11-21T05:50:59.093",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-10-18T13:15:09.323",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2021/12/14/5\", \"source\": \"support@hackerone.com\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240202-0005/\", \"source\": \"support@hackerone.com\"}, {\"url\": \"https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5372\", \"source\": \"support@hackerone.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/12/14/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240202-0005/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5372\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22942\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2021-10-18T13:15:09.323\",\"lastModified\":\"2024-11-21T05:50:59.093\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A possible open redirect vulnerability in the Host Authorization middleware in Action Pack \u003e= 6.0.0 that could allow attackers to redirect users to a malicious website.\"},{\"lang\":\"es\",\"value\":\"Se presenta una posible vulnerabilidad de redireccionamiento abierto en el middleware Host Authorization de Action Pack versiones posteriores a 6.0.0 incluy\u00e9ndola, que podr\u00eda permitir a atacantes redirigir a usuarios a un sitio web malicioso\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.4.1\",\"matchCriteriaId\":\"8AB5441B-36FB-4F96-B958-E36F4A15E510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndExcluding\":\"6.1.4.1\",\"matchCriteriaId\":\"9D495715-8C1F-4734-AA73-A6F82E181AF2\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/12/14/5\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240202-0005/\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5372\",\"source\":\"support@hackerone.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/12/14/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240202-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5372\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-2rqw-v265-jf8c

Vulnerability from github

Published

2021-08-26 20:36

Modified

2024-02-02 16:47

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Open Redirect in ActionPack

Details

Overview

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942.

Versions Affected: >= 6.0.0. Not affected: < 6.0.0 Fixed Versions: 6.1.4.1, 6.0.4.1

Impact

Specially crafted “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Impacted applications will have allowed hosts with a leading dot. For example, configuration files that look like this:

ruby config.hosts << '.EXAMPLE.com'

When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.

This vulnerability is similar to CVE-2021-22881, but CVE-2021-22881 did not take in to account domain name case sensitivity.

Releases

The fixed releases are available at the normal locations.

Workarounds

In the case a patch can’t be applied, the following monkey patch can be used in an initializer:

```ruby module ActionDispatch class HostAuthorization HOSTNAME = /[a-z0-9.-]+|[[a-f0-9]*:[a-f0-9.:]+]/i VALID_ORIGIN_HOST = /\A(#{HOSTNAME})(?::\d+)?\z/ VALID_FORWARDED_HOST = /(?:\A|,[ ]?)(#{HOSTNAME})(?::\d+)?\z/

private
  def authorized?(request)
    origin_host =
      request.get_header("HTTP_HOST")&.slice(VALID_ORIGIN_HOST, 1) || ""
    forwarded_host =
      request.x_forwarded_host&.slice(VALID_FORWARDED_HOST, 1) || ""
    @permissions.allows?(origin_host) &&
      (forwarded_host.blank? || @permissions.allows?(forwarded_host))
  end

end end ```

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.0.4"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.1.4"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.1.0"
            },
            {
              "fixed": "6.1.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-22942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-26T20:36:25Z",
    "nvd_published_at": "2021-10-18T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "# Overview\n\nThere is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942.\n\nVersions Affected: \u003e= 6.0.0.\nNot affected: \u003c 6.0.0\nFixed Versions: 6.1.4.1, 6.0.4.1\n\n# Impact\n\nSpecially crafted \u201cX-Forwarded-Host\u201d headers in combination with certain \u201callowed host\u201d formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.\n\nImpacted applications will have allowed hosts with a leading dot. For example, configuration files that look like this:\n\n```ruby\nconfig.hosts \u003c\u003c  \u0027.EXAMPLE.com\u0027\n```\n\nWhen an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.\n\nThis vulnerability is similar to CVE-2021-22881, but CVE-2021-22881 did not take in to account domain name case sensitivity.\n\n# Releases\n\nThe fixed releases are available at the normal locations.\n\n# Workarounds\n\nIn the case a patch can\u2019t be applied, the following monkey patch can be used in an initializer:\n\n```ruby\nmodule ActionDispatch\n  class HostAuthorization\n    HOSTNAME = /[a-z0-9.-]+|\\[[a-f0-9]*:[a-f0-9.:]+\\]/i\n    VALID_ORIGIN_HOST = /\\A(#{HOSTNAME})(?::\\d+)?\\z/\n    VALID_FORWARDED_HOST = /(?:\\A|,[ ]?)(#{HOSTNAME})(?::\\d+)?\\z/\n\n    private\n      def authorized?(request)\n        origin_host =\n          request.get_header(\"HTTP_HOST\")\u0026.slice(VALID_ORIGIN_HOST, 1) || \"\"\n        forwarded_host =\n          request.x_forwarded_host\u0026.slice(VALID_FORWARDED_HOST, 1) || \"\"\n        @permissions.allows?(origin_host) \u0026\u0026\n          (forwarded_host.blank? || @permissions.allows?(forwarded_host))\n      end\n  end\nend\n```\n",
  "id": "GHSA-2rqw-v265-jf8c",
  "modified": "2024-02-02T16:47:01Z",
  "published": "2021-08-26T20:36:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22942"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2021-22942"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rails/rails"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c"
    },
    {
      "type": "WEB",
      "url": "https://rubygems.org/gems/actionpack"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240202-0005"
    },
    {
      "type": "WEB",
      "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5372"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Open Redirect in ActionPack"
}

WID-SEC-W-2023-0618

Vulnerability from csaf_certbund

Published

2021-08-19 22:00

Modified

2023-03-12 23:00

Summary

Ruby on Rails: Schwachstelle ermöglicht Manipulation von Dateien

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Ruby on Rails ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Ruby on Rails ausnutzen, um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0618 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-0618.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0618 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0618"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5372 vom 2023-03-13",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00061.html"
      },
      {
        "category": "external",
        "summary": "Ruby on Rails Release Notes vom 2021-08-19",
        "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"
      }
    ],
    "source_lang": "en-US",
    "title": "Ruby on Rails: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
    "tracking": {
      "current_release_date": "2023-03-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:46:26.599+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0618",
      "initial_release_date": "2021-08-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-08-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source Ruby on Rails \u003c 6.0.4.1",
                "product": {
                  "name": "Open Source Ruby on Rails \u003c 6.0.4.1",
                  "product_id": "T020204",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rubyonrails:ruby_on_rails:6.0.4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Ruby on Rails \u003c 6.1.4.1",
                "product": {
                  "name": "Open Source Ruby on Rails \u003c 6.1.4.1",
                  "product_id": "T020205",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rubyonrails:ruby_on_rails:6.1.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ruby on Rails"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-22942",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Ruby on Rails. Es handelt sich um eine Open-Redirect-Schwachstelle in der Komponente \"Action Pack\", die mithilfe eines speziell angefertigten Headers bei Vorliegen einer bestimmten Konfiguration ausgenutzt werden kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951"
        ]
      },
      "release_date": "2021-08-19T22:00:00.000+00:00",
      "title": "CVE-2021-22942"
    }
  ]
}

wid-sec-w-2023-0618

Vulnerability from csaf_certbund

Published

2021-08-19 22:00

Modified

2023-03-12 23:00

Summary

Ruby on Rails: Schwachstelle ermöglicht Manipulation von Dateien

Notes

Produktbeschreibung

Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Ruby on Rails ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Ruby on Rails ausnutzen, um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0618 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-0618.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0618 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0618"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5372 vom 2023-03-13",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00061.html"
      },
      {
        "category": "external",
        "summary": "Ruby on Rails Release Notes vom 2021-08-19",
        "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"
      }
    ],
    "source_lang": "en-US",
    "title": "Ruby on Rails: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
    "tracking": {
      "current_release_date": "2023-03-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:46:26.599+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0618",
      "initial_release_date": "2021-08-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-08-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source Ruby on Rails \u003c 6.0.4.1",
                "product": {
                  "name": "Open Source Ruby on Rails \u003c 6.0.4.1",
                  "product_id": "T020204",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rubyonrails:ruby_on_rails:6.0.4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Ruby on Rails \u003c 6.1.4.1",
                "product": {
                  "name": "Open Source Ruby on Rails \u003c 6.1.4.1",
                  "product_id": "T020205",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rubyonrails:ruby_on_rails:6.1.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ruby on Rails"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-22942",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Ruby on Rails. Es handelt sich um eine Open-Redirect-Schwachstelle in der Komponente \"Action Pack\", die mithilfe eines speziell angefertigten Headers bei Vorliegen einer bestimmten Konfiguration ausgenutzt werden kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951"
        ]
      },
      "release_date": "2021-08-19T22:00:00.000+00:00",
      "title": "CVE-2021-22942"
    }
  ]
}

gsd-2021-22942

Vulnerability from gsd

Modified

2021-08-19 00:00

Details

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: >= 6.0.0. Not affected: < 6.0.0 Fixed Versions: 6.1.4.1, 6.0.4.1 Impact ------ Specially crafted “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. For example, configuration files that look like this: ```ruby config.hosts << '.EXAMPLE.com' ``` When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website. This vulnerability is similar to CVE-2021-22881, but CVE-2021-22881 did not take in to account domain name case sensitivity. Releases -------- The fixed releases are available at the normal locations. Workarounds ----------- In the case a patch can’t be applied, the following monkey patch can be used in an initializer: ```ruby module ActionDispatch class HostAuthorization HOSTNAME = /[a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\]/i VALID_ORIGIN_HOST = /\A(#{HOSTNAME})(?::\d+)?\z/ VALID_FORWARDED_HOST = /(?:\A|,[]?)(#{HOSTNAME})(?::\d+)?\z/ private def authorized?(request) origin_host = request.get_header("HTTP_HOST")&.slice(VALID_ORIGIN_HOST, 1) || "" forwarded_host = request.x_forwarded_host&.slice(VALID_FORWARDED_HOST, 1) || "" @permissions.allows?(origin_host) && (forwarded_host.blank? || @permissions.allows?(forwarded_host)) end end end ```

Aliases

CVE-2021-22942

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22942",
    "description": "A possible open redirect vulnerability in the Host Authorization middleware in Action Pack \u003e= 6.0.0 that could allow attackers to redirect users to a malicious website.",
    "id": "GSD-2021-22942",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-22942.html",
      "https://security.archlinux.org/CVE-2021-22942",
      "https://www.debian.org/security/2023/dsa-5372"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "actionpack",
            "purl": "pkg:gem/actionpack"
          }
        }
      ],
      "aliases": [
        "CVE-2021-22942",
        "GHSA-2rqw-v265-jf8c"
      ],
      "details": "There is a possible open redirect vulnerability in the Host Authorization\nmiddleware in Action Pack. This vulnerability has been assigned the CVE\nidentifier CVE-2021-22942.\n\nVersions Affected: \u003e= 6.0.0.\nNot affected: \u003c 6.0.0\nFixed Versions: 6.1.4.1, 6.0.4.1\n\nImpact\n------\n\nSpecially crafted \u201cX-Forwarded-Host\u201d headers in combination with certain\n\u201callowed host\u201d formats can cause the Host Authorization middleware in\nAction Pack to redirect users to a malicious website.\n\nImpacted applications will have allowed hosts with a leading dot.\nFor example, configuration files that look like this:\n\n```ruby\nconfig.hosts \u003c\u003c  \u0027.EXAMPLE.com\u0027\n```\n\nWhen an allowed host contains a leading dot, a specially crafted\nHost header can be used to redirect to a malicious website.\n\nThis vulnerability is similar to CVE-2021-22881, but CVE-2021-22881 did not\ntake in to account domain name case sensitivity.\n\nReleases\n--------\n\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\n\nIn the case a patch can\u2019t be applied, the following monkey patch can be\nused in an initializer:\n\n```ruby\nmodule ActionDispatch\n  class HostAuthorization\n    HOSTNAME = /[a-z0-9.-]+|\\[[a-f0-9]*:[a-f0-9.:]+\\]/i\n    VALID_ORIGIN_HOST = /\\A(#{HOSTNAME})(?::\\d+)?\\z/\n    VALID_FORWARDED_HOST = /(?:\\A|,[]?)(#{HOSTNAME})(?::\\d+)?\\z/\n\n    private\n      def authorized?(request)\n        origin_host =\n          request.get_header(\"HTTP_HOST\")\u0026.slice(VALID_ORIGIN_HOST, 1) || \"\"\n        forwarded_host =\n          request.x_forwarded_host\u0026.slice(VALID_FORWARDED_HOST, 1) || \"\"\n        @permissions.allows?(origin_host) \u0026\u0026\n          (forwarded_host.blank? || @permissions.allows?(forwarded_host))\n      end\n  end\nend\n```\n",
      "id": "GSD-2021-22942",
      "modified": "2021-08-19T00:00:00.000Z",
      "published": "2021-08-19T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c"
        }
      ],
      "related": [
        "CVE-2021-22881"
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 7.6,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Possible Open Redirect in Host Authorization Middleware"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2021-22942",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "https://github.com/rails/rails",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "6.1.4.1, 6.0.4.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A possible open redirect vulnerability in the Host Authorization middleware in Action Pack \u003e= 6.0.0 that could allow attackers to redirect users to a malicious website."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Open Redirect (CWE-601)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/",
            "refsource": "MISC",
            "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"
          },
          {
            "name": "[oss-security] 20211214 [CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5"
          },
          {
            "name": "DSA-5372",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2023/dsa-5372"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20240202-0005/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20240202-0005/"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2021-22942",
      "cvss_v3": 7.6,
      "date": "2021-08-19",
      "description": "There is a possible open redirect vulnerability in the Host Authorization\nmiddleware in Action Pack. This vulnerability has been assigned the CVE\nidentifier CVE-2021-22942.\n\nVersions Affected: \u003e= 6.0.0.\nNot affected: \u003c 6.0.0\nFixed Versions: 6.1.4.1, 6.0.4.1\n\nImpact\n------\n\nSpecially crafted \u201cX-Forwarded-Host\u201d headers in combination with certain\n\u201callowed host\u201d formats can cause the Host Authorization middleware in\nAction Pack to redirect users to a malicious website.\n\nImpacted applications will have allowed hosts with a leading dot.\nFor example, configuration files that look like this:\n\n```ruby\nconfig.hosts \u003c\u003c  \u0027.EXAMPLE.com\u0027\n```\n\nWhen an allowed host contains a leading dot, a specially crafted\nHost header can be used to redirect to a malicious website.\n\nThis vulnerability is similar to CVE-2021-22881, but CVE-2021-22881 did not\ntake in to account domain name case sensitivity.\n\nReleases\n--------\n\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\n\nIn the case a patch can\u2019t be applied, the following monkey patch can be\nused in an initializer:\n\n```ruby\nmodule ActionDispatch\n  class HostAuthorization\n    HOSTNAME = /[a-z0-9.-]+|\\[[a-f0-9]*:[a-f0-9.:]+\\]/i\n    VALID_ORIGIN_HOST = /\\A(#{HOSTNAME})(?::\\d+)?\\z/\n    VALID_FORWARDED_HOST = /(?:\\A|,[]?)(#{HOSTNAME})(?::\\d+)?\\z/\n\n    private\n      def authorized?(request)\n        origin_host =\n          request.get_header(\"HTTP_HOST\")\u0026.slice(VALID_ORIGIN_HOST, 1) || \"\"\n        forwarded_host =\n          request.x_forwarded_host\u0026.slice(VALID_FORWARDED_HOST, 1) || \"\"\n        @permissions.allows?(origin_host) \u0026\u0026\n          (forwarded_host.blank? || @permissions.allows?(forwarded_host))\n      end\n  end\nend\n```\n",
      "framework": "rails",
      "gem": "actionpack",
      "ghsa": "2rqw-v265-jf8c",
      "patched_versions": [
        "~\u003e 6.0.4, \u003e= 6.0.4.1",
        "\u003e= 6.1.4.1"
      ],
      "related": {
        "cve": [
          "2021-22881"
        ]
      },
      "title": "Possible Open Redirect in Host Authorization Middleware",
      "unaffected_versions": [
        "\u003c 6.0.0"
      ],
      "url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=6.0.0 \u003c=6.0.4||\u003e=6.1.0 \u003c=6.1.4",
          "affected_versions": "All versions starting from 6.0.0 up to 6.0.4, all versions starting from 6.1.0 up to 6.1.4",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-601",
            "CWE-937"
          ],
          "date": "2021-12-15",
          "description": "A possible open redirect vulnerability in the Host Authorization middleware in Action Pack \u003e= 6.0.0 that could allow attackers to redirect users to a malicious website.",
          "fixed_versions": [
            "6.0.4.1",
            "6.1.4.1"
          ],
          "identifier": "CVE-2021-22942",
          "identifiers": [
            "GHSA-2rqw-v265-jf8c",
            "CVE-2021-22942"
          ],
          "not_impacted": "All versions before 6.0.0, all versions after 6.0.4 before 6.1.0, all versions after 6.1.4",
          "package_slug": "gem/actionpack",
          "pubdate": "2021-08-26",
          "solution": "Upgrade to versions 6.0.4.1, 6.1.4.1 or above.",
          "title": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-22942",
            "https://access.redhat.com/security/cve/cve-2021-22942",
            "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml",
            "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c",
            "https://rubygems.org/gems/actionpack",
            "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/",
            "http://www.openwall.com/lists/oss-security/2021/12/14/5",
            "https://github.com/advisories/GHSA-2rqw-v265-jf8c"
          ],
          "uuid": "38e3f4f9-ca8c-4d72-974a-d8e9904bb847"
        },
        {
          "affected_range": "\u003e=6.0.0 \u003c6.0.4.1||\u003e=6.1.0 \u003c6.1.4.1",
          "affected_versions": "All versions starting from 6.0.0 before 6.0.4.1, all versions starting from 6.1.0 before 6.1.4.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-601",
            "CWE-937"
          ],
          "date": "2023-03-14",
          "description": "A possible open redirect vulnerability in the Host Authorization middleware in Action Pack that could allow attackers to redirect users to a malicious website.",
          "fixed_versions": [
            "6.0.4.1",
            "6.1.4.1"
          ],
          "identifier": "CVE-2021-22942",
          "identifiers": [
            "CVE-2021-22942"
          ],
          "not_impacted": "All versions before 6.0.0, all versions starting from 6.0.4.1 before 6.1.0, all versions starting from 6.1.4.1",
          "package_slug": "gem/rails",
          "pubdate": "2021-10-18",
          "solution": "Upgrade to versions 6.0.4.1, 6.1.4.1 or above.",
          "title": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-22942",
            "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"
          ],
          "uuid": "e453405c-629c-4052-99c3-d335c8790563"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8AB5441B-36FB-4F96-B958-E36F4A15E510",
                    "versionEndExcluding": "6.0.4.1",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9D495715-8C1F-4734-AA73-A6F82E181AF2",
                    "versionEndExcluding": "6.1.4.1",
                    "versionStartIncluding": "6.1.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A possible open redirect vulnerability in the Host Authorization middleware in Action Pack \u003e= 6.0.0 that could allow attackers to redirect users to a malicious website."
          },
          {
            "lang": "es",
            "value": "Se presenta una posible vulnerabilidad de redireccionamiento abierto en el middleware Host Authorization de Action Pack versiones posteriores a 6.0.0 incluy\u00e9ndola, que podr\u00eda permitir a atacantes redirigir a usuarios a un sitio web malicioso"
          }
        ],
        "id": "CVE-2021-22942",
        "lastModified": "2024-02-02T14:15:53.073",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 4.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2021-10-18T13:15:09.323",
        "references": [
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mailing List",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5"
          },
          {
            "source": "support@hackerone.com",
            "url": "https://security.netapp.com/advisory/ntap-20240202-0005/"
          },
          {
            "source": "support@hackerone.com",
            "tags": [
              "Mitigation",
              "Vendor Advisory"
            ],
            "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"
          },
          {
            "source": "support@hackerone.com",
            "url": "https://www.debian.org/security/2023/dsa-5372"
          }
        ],
        "sourceIdentifier": "support@hackerone.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-601"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-601"
              }
            ],
            "source": "support@hackerone.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

fkie_cve-2021-22942

Vulnerability from fkie_nvd

Published

2021-10-18 13:15

Modified

2024-11-21 05:50

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

References

URL	Tags
support@hackerone.com	http://www.openwall.com/lists/oss-security/2021/12/14/5	Mailing List, Patch, Third Party Advisory
support@hackerone.com	https://security.netapp.com/advisory/ntap-20240202-0005/
support@hackerone.com	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/	Mitigation, Vendor Advisory
support@hackerone.com	https://www.debian.org/security/2023/dsa-5372
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/14/5	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240202-0005/
af854a3a-2127-422b-91ae-364da2661108	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5372

Impacted products

	Vendor	Product	Version
	rubyonrails	rails	*
	rubyonrails	rails	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB5441B-36FB-4F96-B958-E36F4A15E510",
              "versionEndExcluding": "6.0.4.1",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D495715-8C1F-4734-AA73-A6F82E181AF2",
              "versionEndExcluding": "6.1.4.1",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A possible open redirect vulnerability in the Host Authorization middleware in Action Pack \u003e= 6.0.0 that could allow attackers to redirect users to a malicious website."
    },
    {
      "lang": "es",
      "value": "Se presenta una posible vulnerabilidad de redireccionamiento abierto en el middleware Host Authorization de Action Pack versiones posteriores a 6.0.0 incluy\u00e9ndola, que podr\u00eda permitir a atacantes redirigir a usuarios a un sitio web malicioso"
    }
  ],
  "id": "CVE-2021-22942",
  "lastModified": "2024-11-21T05:50:59.093",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-18T13:15:09.323",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5"
    },
    {
      "source": "support@hackerone.com",
      "url": "https://security.netapp.com/advisory/ntap-20240202-0005/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"
    },
    {
      "source": "support@hackerone.com",
      "url": "https://www.debian.org/security/2023/dsa-5372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240202-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2023/dsa-5372"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2021-22942

Vulnerability from cvelistv5

ghsa-2rqw-v265-jf8c

Vulnerability from github

Overview

Impact

Releases

Workarounds

WID-SEC-W-2023-0618

Vulnerability from csaf_certbund

wid-sec-w-2023-0618

Vulnerability from csaf_certbund

gsd-2021-22942

Vulnerability from gsd

fkie_cve-2021-22942

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature