ID CVE-2017-0905
Summary The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.
References
Vulnerable Configurations
  • Recurly Client Ruby 2.0.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.0
  • Recurly Client Ruby 2.0.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.1
  • Recurly Client Ruby 2.0.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.2
  • Recurly Client Ruby 2.0.3
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.3
  • Recurly Client Ruby 2.0.4
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.4
  • Recurly Client Ruby 2.0.5
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.5
  • Recurly Client Ruby 2.0.6
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.6
  • Recurly Client Ruby 2.0.7
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.7
  • Recurly Client Ruby 2.0.8
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.8
  • Recurly Client Ruby 2.0.9
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.9
  • Recurly Client Ruby 2.0.10
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.10
  • Recurly Client Ruby 2.0.11
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.11
  • Recurly Client Ruby 2.0.12
    cpe:2.3:a:recurly:recurly_client_ruby:2.0.12
  • Recurly Client Ruby 2.1.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.0
  • Recurly Client Ruby 2.1.0 C
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.0:c
  • Recurly Client Ruby 2.1.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.1
  • Recurly Client Ruby 2.1.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.2
  • Recurly Client Ruby 2.1.3
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.3
  • Recurly Client Ruby 2.1.4
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.4
  • Recurly Client Ruby 2.1.5
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.5
  • Recurly Client Ruby 2.1.6
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.6
  • Recurly Client Ruby 2.1.7
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.7
  • Recurly Client Ruby 2.1.8
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.8
  • Recurly Client Ruby 2.1.9
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.9
  • Recurly Client Ruby 2.1.10
    cpe:2.3:a:recurly:recurly_client_ruby:2.1.10
  • Recurly Client Ruby 2.2.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.2.0
  • Recurly Client Ruby 2.2.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.2.1
  • Recurly Client Ruby 2.2.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.2.2
  • Recurly Client Ruby 2.2.3
    cpe:2.3:a:recurly:recurly_client_ruby:2.2.3
  • Recurly Client Ruby 2.2.4
    cpe:2.3:a:recurly:recurly_client_ruby:2.2.4
  • Recurly Client Ruby 2.3.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.0
  • Recurly Client Ruby 2.3.0 Beta1
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.0:beta1
  • Recurly Client Ruby 2.3.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.1
  • Recurly Client Ruby 2.3.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.2
  • Recurly Client Ruby 2.3.3
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.3
  • Recurly Client Ruby 2.3.4
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.4
  • Recurly Client Ruby 2.3.5
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.5
  • Recurly Client Ruby 2.3.6
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.6
  • Recurly Client Ruby 2.3.7
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.7
  • Recurly Client Ruby 2.3.8
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.8
  • Recurly Client Ruby 2.3.9
    cpe:2.3:a:recurly:recurly_client_ruby:2.3.9
  • Recurly Client Ruby 2.4.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.0
  • Recurly Client Ruby 2.4.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.1
  • Recurly Client Ruby 2.4.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.2
  • Recurly Client Ruby 2.4.3
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.3
  • Recurly Client Ruby 2.4.4
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.4
  • Recurly Client Ruby 2.4.5
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.5
  • Recurly Client Ruby 2.4.6
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.6
  • Recurly Client Ruby 2.4.7
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.7
  • Recurly Client Ruby 2.4.8
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.8
  • Recurly Client Ruby 2.4.9
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.9
  • Recurly Client Ruby 2.4.10
    cpe:2.3:a:recurly:recurly_client_ruby:2.4.10
  • Recurly Client Ruby 2.5.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.5.0
  • Recurly Client Ruby 2.5.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.5.1
  • Recurly Client Ruby 2.5.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.5.2
  • Recurly Client Ruby 2.5.3
    cpe:2.3:a:recurly:recurly_client_ruby:2.5.3
  • Recurly Client Ruby 2.6.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.6.0
  • Recurly Client Ruby 2.6.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.6.1
  • Recurly Client Ruby 2.6.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.6.2
  • Recurly Client Ruby 2.7.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.7.0
  • Recurly Client Ruby 2.7.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.7.1
  • Recurly Client Ruby 2.7.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.7.2
  • Recurly Client Ruby 2.7.3
    cpe:2.3:a:recurly:recurly_client_ruby:2.7.3
  • Recurly Client Ruby 2.7.4
    cpe:2.3:a:recurly:recurly_client_ruby:2.7.4
  • Recurly Client Ruby 2.7.5
    cpe:2.3:a:recurly:recurly_client_ruby:2.7.5
  • Recurly Client Ruby 2.7.6
    cpe:2.3:a:recurly:recurly_client_ruby:2.7.6
  • Recurly Client Ruby 2.7.7
    cpe:2.3:a:recurly:recurly_client_ruby:2.7.7
  • Recurly Client Ruby 2.8.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.8.0
  • Recurly Client Ruby 2.8.0 Release Candidate 1
    cpe:2.3:a:recurly:recurly_client_ruby:2.8.0:rc1
  • Recurly Client Ruby 2.8.0 Release Candidate 3
    cpe:2.3:a:recurly:recurly_client_ruby:2.8.0:rc3
  • Recurly Client Ruby 2.8.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.8.1
  • Recurly Client Ruby 2.9.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.9.0
  • Recurly Client Ruby 2.9.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.9.1
  • Recurly Client Ruby 2.10.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.10.0
  • Recurly Client Ruby 2.10.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.10.1
  • Recurly Client Ruby 2.10.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.10.2
  • Recurly Client Ruby 2.10.3
    cpe:2.3:a:recurly:recurly_client_ruby:2.10.3
  • Recurly Client Ruby 2.11.0
    cpe:2.3:a:recurly:recurly_client_ruby:2.11.0
  • Recurly Client Ruby 2.11.1
    cpe:2.3:a:recurly:recurly_client_ruby:2.11.1
  • Recurly Client Ruby 2.11.2
    cpe:2.3:a:recurly:recurly_client_ruby:2.11.2
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-918
CAPEC
refmap via4
confirm
misc https://hackerone.com/reports/288635
Last major update 13-11-2017 - 12:29
Published 13-11-2017 - 12:29
Last modified 01-12-2017 - 08:39
Back to Top