CERTFR-2020-AVI-301
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Ruby on Rails. They allow an attacker to cause a security problem not specified by the vendor, a security policy bypass, and cross-site request forgery (CSRF).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
Vendor | Product | Description
---|---|---
Ruby on Rails | Ruby on Rails | Ruby on Rails versions 6.x prior to 6.0.3.1
Ruby on Rails | Ruby on Rails | Ruby on Rails versions 5.x prior to 5.2.4.3
References
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Ruby on Rails versions 6.x ant\u00e9rieures \u00e0 6.0.3.1", "product": { "name": "Ruby on Rails", "vendor": { "name": "Ruby on Rails", "scada": false } } }, { "description": "Ruby on Rails versions 5.x ant\u00e9rieures \u00e0 5.2.4.3", "product": { "name": "Ruby on Rails", "vendor": { "name": "Ruby on Rails", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2020-8166", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8166" }, { "name": "CVE-2020-8165", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8165" }, { "name": "CVE-2020-8164", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8164" }, { "name": "CVE-2020-8162", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8162" }, { "name": "CVE-2020-8167", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8167" } ], "initial_release_date": "2020-05-19T00:00:00", "last_revision_date": "2020-05-19T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-301", "revisions": [ { "description": "Version initiale", "revision_date": "2020-05-19T00:00:00.000000" } ], "risks": [ { "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on 
Rails", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8167 du 18 mai 2020", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8164 du 18 mai 2020", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8162 du 18 mai 2020", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8166 du 18 mai 2020", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8165 du 18 mai 2020", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c" } ] }
CVE-2020-8166 (GCVE-0-2020-8166)
Vulnerability from cvelistv5
Published
2020-07-02 18:35
Modified
2024-08-04 09:48
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | https://github.com/rails/rails | Fixed in 5.2.4.3, 6.0.3.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:25.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/732415" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4766" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/rails/rails", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 5.2.4.3, 6.0.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF) (CWE-352)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T11:06:21", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/732415" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4766" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "https://github.com/rails/rails", "version": { "version_data": [ { "version_value": "Fixed in 5.2.4.3, 6.0.3.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Request Forgery (CSRF) (CWE-352)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/732415", "refsource": "MISC", "url": "https://hackerone.com/reports/732415" }, { "name": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw", "refsource": "MISC", "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw" }, { "name": "DSA-4766", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4766" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8166", "datePublished": "2020-07-02T18:35:17", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:48:25.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8162 (GCVE-0-2020-8162)
Vulnerability from cvelistv5
Published
2020-06-19 17:02
Modified
2024-08-04 09:48
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Summary
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | https://github.com/rails/rails | rails >= 5.2.4.3, rails >= 6.0.3.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:25.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/789579" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4766" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/rails/rails", "vendor": "n/a", "versions": [ { "status": "affected", "version": "rails \u003e= 5.2.4.3, rails \u003e= 6.0.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A client side enforcement of server side security vulnerability exists in rails \u003c 5.2.4.2 and rails \u003c 6.0.3.1 ActiveStorage\u0027s S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-602", "description": "Client-Side Enforcement of Server-Side Security (CWE-602)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T11:06:23", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/789579" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4766" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "https://github.com/rails/rails", "version": { "version_data": [ { "version_value": "rails \u003e= 5.2.4.3, rails \u003e= 6.0.3.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A client side enforcement of server side security vulnerability exists in rails \u003c 5.2.4.2 and rails \u003c 6.0.3.1 ActiveStorage\u0027s S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Client-Side Enforcement of Server-Side Security (CWE-602)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/789579", "refsource": "MISC", "url": "https://hackerone.com/reports/789579" }, { "name": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ", "refsource": "MISC", "url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ" }, { "name": "DSA-4766", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4766" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8162", "datePublished": "2020-06-19T17:02:42", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:48:25.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8165 (GCVE-0-2020-8165)
Vulnerability from cvelistv5
Published
2020-06-19 17:05
Modified
2025-05-09 20:03
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in an RCE.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | https://github.com/rails/rails | Fixed in 5.2.4.3, 6.0.3.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-05-09T20:03:28.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/413388" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c" }, { "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/" }, { "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "name": "openSUSE-SU-2020:1677", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html" }, { "name": "openSUSE-SU-2020:1679", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html" }, { "url": "https://security.netapp.com/advisory/ntap-20250509-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/rails/rails", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 5.2.4.3, 6.0.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that 
can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-17T11:06:36.000Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/413388" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c" }, { "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/" }, { "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "name": "openSUSE-SU-2020:1677", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html" }, { "name": "openSUSE-SU-2020:1679", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8165", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "https://github.com/rails/rails", "version": { "version_data": [ { "version_value": 
"Fixed in 5.2.4.3, 6.0.3.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Deserialization of Untrusted Data (CWE-502)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/413388", "refsource": "MISC", "url": "https://hackerone.com/reports/413388" }, { "name": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c", "refsource": "MISC", "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c" }, { "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "name": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/", "refsource": "CONFIRM", "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/" }, { "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "name": "DSA-4766", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4766" }, { "name": "openSUSE-SU-2020:1677", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html" }, { "name": "openSUSE-SU-2020:1679", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", 
"assignerShortName": "hackerone", "cveId": "CVE-2020-8165", "datePublished": "2020-06-19T17:05:30.000Z", "dateReserved": "2020-01-28T00:00:00.000Z", "dateUpdated": "2025-05-09T20:03:28.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8164 (GCVE-0-2020-8164)
Vulnerability from cvelistv5
Published
2020-06-19 17:04
Modified
2024-08-04 09:48
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | https://github.com/rails/rails | 5.2.4.3, 6.0.3.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:25.653Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/292797" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY" }, { "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "name": "openSUSE-SU-2020:1533", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html" }, { "name": "openSUSE-SU-2020:1536", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html" }, { "name": "openSUSE-SU-2020:1575", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/rails/rails", "vendor": "n/a", "versions": [ { "status": "affected", "version": "5.2.4.3, 6.0.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A deserialization of untrusted data vulnerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 which can allow an attacker to supply information 
can be inadvertently leaked fromStrong Parameters." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-29T14:06:08", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/292797" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY" }, { "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "name": "openSUSE-SU-2020:1533", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html" }, { "name": "openSUSE-SU-2020:1536", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html" }, { "name": "openSUSE-SU-2020:1575", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8164", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "https://github.com/rails/rails", "version": { "version_data": [ { "version_value": "5.2.4.3, 6.0.3.1" } ] } } ] }, "vendor_name": 
"n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A deserialization of untrusted data vulnerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Deserialization of Untrusted Data (CWE-502)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/292797", "refsource": "MISC", "url": "https://hackerone.com/reports/292797" }, { "name": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY", "refsource": "MISC", "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY" }, { "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "name": "DSA-4766", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4766" }, { "name": "openSUSE-SU-2020:1533", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html" }, { "name": "openSUSE-SU-2020:1536", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html" }, { "name": "openSUSE-SU-2020:1575", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8164", "datePublished": "2020-06-19T17:04:13", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": 
"2024-08-04T09:48:25.653Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8167 (GCVE-0-2020-8167)
Vulnerability from cvelistv5
Published
2020-06-19 17:16
Modified
2024-08-04 09:48
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | http://github.com/rails/rails | Fixed in 5.2.4.3, 6.0.3.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:48:25.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/189878" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4766" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "http://github.com/rails/rails", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 5.2.4.3, 6.0.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A CSRF vulnerability exists in rails \u003c= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF) (CWE-352)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T11:06:22", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/189878" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0" }, { "name": "DSA-4766", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4766" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8167", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "http://github.com/rails/rails", "version": { "version_data": [ { "version_value": "Fixed in 5.2.4.3, 6.0.3.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CSRF vulnerability exists in rails \u003c= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Request Forgery (CSRF) (CWE-352)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/189878", "refsource": "MISC", "url": "https://hackerone.com/reports/189878" }, { "name": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0", "refsource": "MISC", "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0" }, { "name": "DSA-4766", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4766" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8167", "datePublished": "2020-06-19T17:16:06", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:48:25.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.