CVE-2021-22942 - A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0

CVE-2021-22942

Summary

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

References

Vulnerable Configurations

cpe:2.3:a:rubyonrails:rails:6.1.0:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.0:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.1:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.1:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3:-:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.0.4:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 02-02-2024 - 14:15)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

Last major update

02-02-2024 - 14:15

Published

18-10-2021 - 13:15

Last modified

02-02-2024 - 14:15