cnvd - cnvd-2022-13387

cnvd-2022-13387

Vulnerability from cnvd

Title: Rails Action Pack信息泄露漏洞（CNVD-2022-13387）

Description:

Rails Action Pack是美国Rails社区的一个web框架。提供了路由机制（将请求URL映射到动作），定义实现动作的控制器以及通过渲染视图（各种格式的模板）生成响应的机制。

Rails Action Pack存在信息泄露漏洞，攻击者可利用该漏洞导致数据泄露给后续请求。

Severity: 中

Patch Name: Rails Action Pack信息泄露漏洞（CNVD-2022-13387）的补丁

Patch Description:

Rails Action Pack存在信息泄露漏洞，攻击者可利用该漏洞导致数据泄露给后续请求。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

Reference: https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

Impacted products

Name
['Rails Action Pack <7.0.2.1', 'Rails Action Pack <6.1.4.5', 'Rails Action Pack <6.0.4.5', 'Rails Action Pack <5.2.6.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-23633"
    }
  },
  "description": "Rails Action Pack\u662f\u7f8e\u56fdRails\u793e\u533a\u7684\u4e00\u4e2aweb\u6846\u67b6\u3002\u63d0\u4f9b\u4e86\u8def\u7531\u673a\u5236\uff08\u5c06\u8bf7\u6c42URL\u6620\u5c04\u5230\u52a8\u4f5c\uff09\uff0c\u5b9a\u4e49\u5b9e\u73b0\u52a8\u4f5c\u7684\u63a7\u5236\u5668\u4ee5\u53ca\u901a\u8fc7\u6e32\u67d3\u89c6\u56fe\uff08\u5404\u79cd\u683c\u5f0f\u7684\u6a21\u677f\uff09\u751f\u6210\u54cd\u5e94\u7684\u673a\u5236\u3002\n\nRails Action Pack\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6570\u636e\u6cc4\u9732\u7ed9\u540e\u7eed\u8bf7\u6c42\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-13387",
  "openTime": "2022-02-23",
  "patchDescription": "Rails Action Pack\u662f\u7f8e\u56fdRails\u793e\u533a\u7684\u4e00\u4e2aweb\u6846\u67b6\u3002\u63d0\u4f9b\u4e86\u8def\u7531\u673a\u5236\uff08\u5c06\u8bf7\u6c42URL\u6620\u5c04\u5230\u52a8\u4f5c\uff09\uff0c\u5b9a\u4e49\u5b9e\u73b0\u52a8\u4f5c\u7684\u63a7\u5236\u5668\u4ee5\u53ca\u901a\u8fc7\u6e32\u67d3\u89c6\u56fe\uff08\u5404\u79cd\u683c\u5f0f\u7684\u6a21\u677f\uff09\u751f\u6210\u54cd\u5e94\u7684\u673a\u5236\u3002\r\n\r\nRails Action Pack\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6570\u636e\u6cc4\u9732\u7ed9\u540e\u7eed\u8bf7\u6c42\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rails Action Pack\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2022-13387\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rails Action Pack \u003c7.0.2.1",
      "Rails Action Pack \u003c6.1.4.5",
      "Rails Action Pack \u003c6.0.4.5",
      "Rails Action Pack \u003c5.2.6.1"
    ]
  },
  "referenceLink": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da",
  "serverity": "\u4e2d",
  "submitTime": "2022-02-15",
  "title": "Rails Action Pack\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2022-13387\uff09"
}

CVE-2022-23633 (GCVE-0-2022-23633)

Vulnerability from cvelistv5

Published

2022-02-11 00:00

Modified

2024-08-03 03:51

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

References

▼	URL	Tags
	https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
	https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
	http://www.openwall.com/lists/oss-security/2022/02/11/5	mailing-list
	https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html	mailing-list
	https://www.debian.org/security/2023/dsa-5372	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240119-0013/

Impacted products

	Vendor	Product	Version
	rails	rails	Version: >= 7.0.0.0, < 7.0.2.1 Version: >= 6.1.0.0, < 6.1.4.5 Version: >= 6.0.0.0, < 6.0.4.5 Version: >= 5.0.0, < 5.2.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:44.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da"
          },
          {
            "name": "[oss-security] 20220211 [CVE-2022-23633] Possible exposure of information vulnerability in Action Pack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/02/11/5"
          },
          {
            "name": "[debian-lts-announce] 20220903 [SECURITY] [DLA 3093-1] rails security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"
          },
          {
            "name": "DSA-5372",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5372"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240119-0013/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rails",
          "vendor": "rails",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.0.0.0, \u003c 7.0.2.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.1.0.0, \u003c 6.1.4.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0.0, \u003c 6.0.4.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.2.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-19T16:06:28.821144",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9"
        },
        {
          "url": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da"
        },
        {
          "name": "[oss-security] 20220211 [CVE-2022-23633] Possible exposure of information vulnerability in Action Pack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/02/11/5"
        },
        {
          "name": "[debian-lts-announce] 20220903 [SECURITY] [DLA 3093-1] rails security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"
        },
        {
          "name": "DSA-5372",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5372"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240119-0013/"
        }
      ],
      "source": {
        "advisory": "GHSA-wh98-p28r-vrc9",
        "discovery": "UNKNOWN"
      },
      "title": "Exposure of sensitive information in Action Pack"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-23633",
    "datePublished": "2022-02-11T00:00:00",
    "dateReserved": "2022-01-19T00:00:00",
    "dateUpdated": "2024-08-03T03:51:44.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted