GSD-2020-11082
Vulnerability from gsd - Updated: 2020-05-28 00:00Details
### Impact
There was a vulnerability in versions of Kaminari that would allow an attacker to inject arbitrary code into pages with pagination links.
For example, an attacker could craft pagination links that link to other domain or host:
https://example.com/posts?page=4&original_script_name=https://another-host.example.com
In addition, an attacker could also craft pagination links that include JavaScript code that runs when a user clicks the link:
https://example.com/posts?page=4&original_script_name=javascript:alert(42)%3b//
### Releases
The 1.2.1 gem including the patch has already been released.
All past released versions are affected by this vulnerability.
### Workarounds
Application developers who can't update the gem can workaround by overriding the `PARAM_KEY_EXCEPT_LIST` constant.
```ruby
module Kaminari::Helpers
PARAM_KEY_EXCEPT_LIST = [:authenticity_token, :commit, :utf8, :_method, :script_name, :original_script_name].freeze
end
```
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-11082",
"description": "In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.",
"id": "GSD-2020-11082",
"references": [
"https://www.debian.org/security/2021/dsa-5005"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "kaminari",
"purl": "pkg:gem/kaminari"
}
}
],
"aliases": [
"CVE-2020-11082",
"GHSA-r5jw-62xg-j433"
],
"details": "### Impact\nThere was a vulnerability in versions of Kaminari that would allow an attacker to inject arbitrary code into pages with pagination links.\n\nFor example, an attacker could craft pagination links that link to other domain or host:\nhttps://example.com/posts?page=4\u0026original_script_name=https://another-host.example.com\n\nIn addition, an attacker could also craft pagination links that include JavaScript code that runs when a user clicks the link:\nhttps://example.com/posts?page=4\u0026original_script_name=javascript:alert(42)%3b//\n\n### Releases\nThe 1.2.1 gem including the patch has already been released.\nAll past released versions are affected by this vulnerability.\n\n### Workarounds\nApplication developers who can\u0027t update the gem can workaround by overriding the `PARAM_KEY_EXCEPT_LIST` constant.\n\n```ruby\nmodule Kaminari::Helpers\n PARAM_KEY_EXCEPT_LIST = [:authenticity_token, :commit, :utf8, :_method, :script_name, :original_script_name].freeze\nend\n```",
"id": "GSD-2020-11082",
"modified": "2020-05-28T00:00:00.000Z",
"published": "2020-05-28T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 6.4,
"type": "CVSS_V3"
}
],
"summary": "Cross-Site Scripting in Kaminari via `original_script_name` parameter"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11082",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Kaminari"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaminari",
"version": {
"version_data": [
{
"version_value": "\u003c 1.2.1"
}
]
}
}
]
},
"vendor_name": "kaminari"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433",
"refsource": "CONFIRM",
"url": "https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433"
},
{
"name": "https://github.com/github/advisory-review/pull/1020",
"refsource": "MISC",
"url": "https://github.com/github/advisory-review/pull/1020"
},
{
"name": "https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8",
"refsource": "MISC",
"url": "https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8"
},
{
"name": "[debian-lts-announce] 20210922 [SECURITY] [DLA 2763-1] ruby-kaminari security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00011.html"
},
{
"name": "DSA-5005",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5005"
}
]
},
"source": {
"advisory": "GHSA-r5jw-62xg-j433",
"discovery": "UNKNOWN"
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2020-11082",
"cvss_v3": 6.4,
"date": "2020-05-28",
"description": "### Impact\nThere was a vulnerability in versions of Kaminari that would allow an attacker to inject arbitrary code into pages with pagination links.\n\nFor example, an attacker could craft pagination links that link to other domain or host:\nhttps://example.com/posts?page=4\u0026original_script_name=https://another-host.example.com\n\nIn addition, an attacker could also craft pagination links that include JavaScript code that runs when a user clicks the link:\nhttps://example.com/posts?page=4\u0026original_script_name=javascript:alert(42)%3b//\n\n### Releases\nThe 1.2.1 gem including the patch has already been released.\nAll past released versions are affected by this vulnerability.\n\n### Workarounds\nApplication developers who can\u0027t update the gem can workaround by overriding the `PARAM_KEY_EXCEPT_LIST` constant.\n\n```ruby\nmodule Kaminari::Helpers\n PARAM_KEY_EXCEPT_LIST = [:authenticity_token, :commit, :utf8, :_method, :script_name, :original_script_name].freeze\nend\n```",
"gem": "kaminari",
"ghsa": "r5jw-62xg-j433",
"patched_versions": [
"\u003e= 1.2.1"
],
"title": "Cross-Site Scripting in Kaminari via `original_script_name` parameter",
"url": "https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.2.1",
"affected_versions": "All versions before 1.2.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2021-11-30",
"description": "In Kaminari, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links.",
"fixed_versions": [
"1.2.1"
],
"identifier": "CVE-2020-11082",
"identifiers": [
"CVE-2020-11082",
"GHSA-r5jw-62xg-j433"
],
"not_impacted": "All versions starting from 1.2.1",
"package_slug": "gem/kaminari",
"pubdate": "2020-05-28",
"solution": "Upgrade to version 1.2.1 or above.",
"title": "Cross-site Scripting",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-11082"
],
"uuid": "92e12617-df91-4872-97ab-66a5e0347a90"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kaminari_project:kaminari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11082"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433"
},
{
"name": "https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8"
},
{
"name": "https://github.com/github/advisory-review/pull/1020",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "https://github.com/github/advisory-review/pull/1020"
},
{
"name": "[debian-lts-announce] 20210922 [SECURITY] [DLA 2763-1] ruby-kaminari security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00011.html"
},
{
"name": "DSA-5005",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5005"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2021-11-30T22:07Z",
"publishedDate": "2020-05-28T21:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…