gsd-2018-1000119
Vulnerability from gsd
Modified
2018-03-07 00:00
Details
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application.



{
  "GSD": {
    "alias": "CVE-2018-1000119",
    "description": "Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.",
    "id": "GSD-2018-1000119",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-1000119.html",
      "https://www.debian.org/security/2018/dsa-4247",
      "https://access.redhat.com/errata/RHSA-2021:1313",
      "https://access.redhat.com/errata/RHSA-2020:4366",
      "https://access.redhat.com/errata/RHSA-2018:1060",
      "https://linux.oracle.com/cve/CVE-2018-1000119.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "rack-protection",
            "purl": "pkg:gem/rack-protection"
          }
        }
      ],
      "aliases": [
        "CVE-2018-1000119",
        "GHSA-688c-3x49-6rqj"
      ],
      "details": "Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains\na timing attack vulnerability in the CSRF token checking that can result in signatures\ncan be exposed. This attack appear to be exploitable via network connectivity to\nthe ruby application.\n",
      "id": "GSD-2018-1000119",
      "modified": "2018-03-07T00:00:00.000Z",
      "published": "2018-03-07T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/sinatra/rack-protection/pull/98"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 4.3,
          "type": "CVSS_V2"
        },
        {
          "score": 5.9,
          "type": "CVSS_V3"
        }
      ],
      "summary": "rack-protection gem timing attack vulnerability when validating CSRF token"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "DATE_ASSIGNED": "3/6/2018 21:59:48",
        "ID": "CVE-2018-1000119",
        "REQUESTER": "kurt@seifried.org",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/sinatra/rack-protection/pull/98",
            "refsource": "CONFIRM",
            "url": "https://github.com/sinatra/rack-protection/pull/98"
          },
          {
            "name": "RHSA-2018:1060",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:1060"
          },
          {
            "name": "DSA-4247",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4247"
          },
          {
            "name": "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109",
            "refsource": "CONFIRM",
            "url": "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2018-1000119",
      "cvss_v2": 4.3,
      "cvss_v3": 5.9,
      "date": "2018-03-07",
      "description": "Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains\na timing attack vulnerability in the CSRF token checking that can result in signatures\ncan be exposed. This attack appear to be exploitable via network connectivity to\nthe ruby application.\n",
      "gem": "rack-protection",
      "ghsa": "688c-3x49-6rqj",
      "patched_versions": [
        "~\u003e 1.5.5",
        "\u003e= 2.0.0"
      ],
      "title": "rack-protection gem timing attack vulnerability when validating CSRF token",
      "url": "https://github.com/sinatra/rack-protection/pull/98"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.5.5||\u003e=2.0.0.beta1 \u003c2.0.0",
          "affected_versions": "All versions before 1.5.5, all versions starting from 2.0.0.beta1 before 2.0.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-203",
            "CWE-937"
          ],
          "date": "2018-07-28",
          "description": "Sinatra rack-protection contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application.",
          "fixed_versions": [
            "1.5.5",
            "2.0.0"
          ],
          "identifier": "CVE-2018-1000119",
          "identifiers": [
            "CVE-2018-1000119"
          ],
          "not_impacted": "All versions starting from 1.5.5 before 2.0.0.beta1, all versions starting from 2.0.0",
          "package_slug": "gem/rack-protection",
          "pubdate": "2018-03-07",
          "solution": "Upgrade to versions 1.5.5, 2.0.0 or above.",
          "title": "Timing attack vulnerability",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1000119",
            "https://github.com/sinatra/rack-protection/pull/98",
            "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109"
          ],
          "uuid": "5d960934-e2a6-4fe2-afed-81aed90a654a"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sinatrarb:rack-protection:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-1000119"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109"
            },
            {
              "name": "https://github.com/sinatra/rack-protection/pull/98",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://github.com/sinatra/rack-protection/pull/98"
            },
            {
              "name": "RHSA-2018:1060",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1060"
            },
            {
              "name": "DSA-4247",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2018/dsa-4247"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2018-03-07T14:29Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.