All the vulnerabilites related to Rails - ActiveSupport
cve-2023-38037
Vulnerability from cvelistv5
Published
2025-01-09 00:33
Modified
2025-01-09 21:36
Severity ?
EPSS score ?
Summary
ActiveSupport::EncryptedFile writes contents that will be encrypted to a
temporary file. The temporary file's permissions are defaulted to the user's
current `umask` settings, meaning that it's possible for other users on the
same system to read the contents of the temporary file.
Attackers that have access to the file system could possibly read the contents
of this temporary file while a user is editing it.
All users running an affected release should either upgrade or use one of the
workarounds immediately.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Rails | ActiveSupport |
Version: >= 5.2.0 < >= 5.2.0 Patch: 7.0.7.1, 6.1.7.5 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T21:35:42.283546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T21:36:28.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ActiveSupport",
"vendor": "Rails",
"versions": [
{
"lessThan": "\u003e= 5.2.0",
"status": "affected",
"version": "\u003e= 5.2.0",
"versionType": "custom"
},
{
"lessThan": "5.2.0",
"status": "unaffected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThan": "7.0.7.1, 6.1.7.5",
"status": "unaffected",
"version": "7.0.7.1, 6.1.7.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ActiveSupport::EncryptedFile writes contents that will be encrypted to a\r\ntemporary file. The temporary file\u0027s permissions are defaulted to the user\u0027s\r\ncurrent `umask` settings, meaning that it\u0027s possible for other users on the\r\nsame system to read the contents of the temporary file.\r\n\r\nAttackers that have access to the file system could possibly read the contents\r\nof this temporary file while a user is editing it.\r\n\r\nAll users running an affected release should either upgrade or use one of the\r\nworkarounds immediately."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T00:33:47.704Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-38037",
"datePublished": "2025-01-09T00:33:47.704Z",
"dateReserved": "2023-07-12T01:00:11.881Z",
"dateUpdated": "2025-01-09T21:36:28.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28120
Vulnerability from cvelistv5
Published
2025-01-09 00:33
Modified
2025-01-09 21:46
Severity ?
EPSS score ?
Summary
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Rails | ActiveSupport |
Version: 7.0.4.3 < 7.0.4.3 Version: 6.1.7.3 < 6.1.7.3 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T21:44:02.886065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T21:46:38.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ActiveSupport",
"vendor": "Rails",
"versions": [
{
"lessThan": "7.0.4.3",
"status": "affected",
"version": "7.0.4.3",
"versionType": "custom"
},
{
"lessThan": "6.1.7.3",
"status": "affected",
"version": "6.1.7.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input."
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T00:33:47.658Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469"
},
{
"url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240202-0006/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5389"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-28120",
"datePublished": "2025-01-09T00:33:47.658Z",
"dateReserved": "2023-03-10T19:36:27.051Z",
"dateUpdated": "2025-01-09T21:46:38.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}