GSD-2018-16476
Vulnerability from gsd - Updated: 2018-11-27 00:00Details
There is a vulnerability in Active Job. This vulnerability has been
assigned the CVE identifier CVE-2018-16476.
Versions Affected: >= 4.2.0
Not affected: < 4.2.0
Fixed Versions: 4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1
Impact
------
Carefully crafted user input can cause Active Job to deserialize it using GlobalId
and allow an attacker to have access to information that they should not have.
Vulnerable code will look something like this:
MyJob.perform_later(user_input)
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-16476",
"description": "A Broken Access Control vulnerability in Active Job versions \u003e= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.",
"id": "GSD-2018-16476",
"references": [
"https://www.suse.com/security/cve/CVE-2018-16476.html",
"https://access.redhat.com/errata/RHSA-2019:0600"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "activejob",
"purl": "pkg:gem/activejob"
}
}
],
"aliases": [
"CVE-2018-16476",
"GHSA-q2qw-rmrh-vv42"
],
"details": "There is a vulnerability in Active Job. This vulnerability has been\nassigned the CVE identifier CVE-2018-16476.\n\nVersions Affected: \u003e= 4.2.0\nNot affected: \u003c 4.2.0\nFixed Versions: 4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1\n\nImpact\n------\nCarefully crafted user input can cause Active Job to deserialize it using GlobalId\nand allow an attacker to have access to information that they should not have.\n\nVulnerable code will look something like this:\n\n MyJob.perform_later(user_input)\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n",
"id": "GSD-2018-16476",
"modified": "2018-11-27T00:00:00.000Z",
"published": "2018-11-27T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V3"
}
],
"summary": "Broken Access Control vulnerability in Active Job"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/rails/rails",
"version": {
"version_data": [
{
"version_value": "4.2.0 up to and before 4.2.11"
},
{
"version_value": "4.2.0 up to and before 5.0.7.1"
},
{
"version_value": "4.2.0 up to and before 5.1.6.1"
},
{
"version_value": "4.2.0 up to and before 5.2.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Broken Access Control vulnerability in Active Job versions \u003e= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control - Generic (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ"
},
{
"name": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/",
"refsource": "MISC",
"url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/"
},
{
"name": "RHSA-2019:0600",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0600"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2018-16476",
"cvss_v3": 7.5,
"date": "2018-11-27",
"description": "There is a vulnerability in Active Job. This vulnerability has been\nassigned the CVE identifier CVE-2018-16476.\n\nVersions Affected: \u003e= 4.2.0\nNot affected: \u003c 4.2.0\nFixed Versions: 4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1\n\nImpact\n------\nCarefully crafted user input can cause Active Job to deserialize it using GlobalId\nand allow an attacker to have access to information that they should not have.\n\nVulnerable code will look something like this:\n\n MyJob.perform_later(user_input)\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n",
"gem": "activejob",
"ghsa": "q2qw-rmrh-vv42",
"patched_versions": [
"~\u003e 4.2.11",
"~\u003e 5.0.7.1",
"~\u003e 5.1.6.1",
"~\u003e 5.1.7",
"\u003e= 5.2.1.1"
],
"title": "Broken Access Control vulnerability in Active Job",
"unaffected_versions": [
"\u003c 4.2.0"
],
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=5.1.0 \u003c5.1.6.1||\u003e=4.2.0 \u003c4.2.11||\u003e=5.0.0 \u003c5.0.7.1||\u003e=5.2.0 \u003c5.2.1.1",
"affected_versions": "All versions starting from 5.1.0 before 5.1.6.1, all versions starting from 4.2.0 before 4.2.11, all versions starting from 5.0.0 before 5.0.7.1, all versions starting from 5.2.0 before 5.2.1.1",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2019-10-09",
"description": "A Broken Access Control vulnerability in Active Job ",
"fixed_versions": [
"4.2.11",
"5.0.7.1",
"5.1.6.1",
"5.2.1.1"
],
"identifier": "CVE-2018-16476",
"identifiers": [
"CVE-2018-16476"
],
"not_impacted": "All versions before 5.1.0, all versions starting from 5.1.6.1, all versions before 4.2.0, all versions starting from 4.2.11 before 5.0.0, all versions starting from 5.0.7.1 before 5.2.0, all versions starting from 5.2.1.1",
"package_slug": "gem/activejob",
"pubdate": "2018-11-30",
"solution": "Upgrade to versions 4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1 or above.",
"title": "Deserialization of Untrusted Data",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-16476",
"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/",
"https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ",
"https://access.redhat.com/errata/RHSA-2019:0600"
],
"uuid": "92342f72-5614-453b-9cb1-c290530f0c14"
},
{
"affected_range": "\u003e=4.2.0 \u003c4.2.11||\u003e=5.0.0 \u003c5.0.7.1||\u003e=5.1.0 \u003c5.1.6.1||\u003e=5.2.0 \u003c5.2.1.1",
"affected_versions": "All versions starting from 4.2.0 before 4.2.11, all versions starting from 5.0.0 before 5.0.7.1, all versions starting from 5.1.0 before 5.1.6.1, all versions starting from 5.2.0 before 5.2.1.1",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2019-10-09",
"description": "A Broken Access Control vulnerability in Active Job allows attackers to craft user input which, when deserialized through Active Job, could give them access to information that they should not have.",
"fixed_versions": [
"4.2.11",
"5.0.7.1",
"5.1.6.1",
"5.2.1.1"
],
"identifier": "CVE-2018-16476",
"identifiers": [
"CVE-2018-16476"
],
"not_impacted": "All versions before 4.2.0, all versions starting from 4.2.11 before 5.0.0, all versions starting from 5.0.7.1 before 5.1.0, all versions starting from 5.1.6.1 before 5.2.0, all versions starting from 5.2.1.1",
"package_slug": "gem/rails",
"pubdate": "2018-11-30",
"solution": "Upgrade to versions 4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1 or above.",
"title": "Deserialization of Untrusted Data",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-16476",
"https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/"
],
"uuid": "18b3b503-c508-4713-9bb9-057fcefe6dfe"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.6.1",
"versionStartIncluding": "5.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.11",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.7.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.1.1",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve-assignments@hackerone.com",
"ID": "CVE-2018-16476"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A Broken Access Control vulnerability in Active Job versions \u003e= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/"
},
{
"name": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ",
"refsource": "MISC",
"tags": [
"Exploit",
"Mitigation",
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ"
},
{
"name": "RHSA-2019:0600",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0600"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-10-09T23:36Z",
"publishedDate": "2018-11-30T19:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…