Page 2 of 33 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

CVE-2020-8166 – rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token

https://notcve.org/view.php?id=CVE-2020-8166

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. Se presenta una vulnerabilidad de falsificación CSRF en rails versiones anteriores a 5.2.5, rails versiones anteriores a 6.0.4 que hace posible para un atacante, dado un token CSRF global como el presente en la etiqueta meta de authenticity_token, forjar un token CSRF per-form A flaw was found in rubygem-actionpack. Forgery of a per-form CSRF token is possible allowing for any action to take place for that session. The highest threat from this vulnerability is to data integrity. • https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw https://hackerone.com/reports/732415 https://www.debian.org/security/2020/dsa-4766 https://access.redhat.com/security/cve/CVE-2020-8166 https://bugzilla.redhat.com/show_bug.cgi?id=1843152 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 96%CPEs: 2EXPL: 5

CVE-2020-8163 – Rails 5.0.1 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2020-8163

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. Se trata de una vulnerabilidad de inyección de código en versiones de Rails anteriores a 5.0.1, que permitiría a un atacante que controlara el argumento "locals" de una llamada "render" para realizar un RCE • https://www.exploit-db.com/exploits/48716 https://github.com/lucasallan/CVE-2020-8163 https://github.com/h4ms1k/CVE-2020-8163 https://github.com/TK-Elliot/CVE-2020-8163 http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0 https://hackerone.com/reports/304805 https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2020-8167 – rubygem-actionview: CSRF vulnerability in rails-ujs

https://notcve.org/view.php?id=CVE-2020-8167

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. Se presenta una vulnerabilidad de tipo CSRF en el módulo rails versiones anteriores a 6.0.3 incluyéndola, rails-ujs que podría permitir a atacantes enviar tokens CSRF a dominios incorrectos A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity. • https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0 https://hackerone.com/reports/189878 https://www.debian.org/security/2020/dsa-4766 https://access.redhat.com/security/cve/CVE-2020-8167 https://bugzilla.redhat.com/show_bug.cgi?id=1843084 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 66%CPEs: 7EXPL: 7

CVE-2020-8165 – rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

https://notcve.org/view.php?id=CVE-2020-8165

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. Se presenta una vulnerabilidad de deserialización de datos no confiables en rails versiones anteriores a 5.2.4.3, rails versiones anteriores a 6.0.3.1, que puede permitir a un atacante desarmar los objetos proporcionados por el usuario en MemCacheStore y RedisCacheStore, lo que podría generar un RCE A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the `raw: true` parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/masahiro331/CVE-2020-8165 https://github.com/hybryx/CVE-2020-8165 https://github.com/progfay/CVE-2020-8165 https://github.com/AssassinUKG/CVE-2020-8165 https://github.com/taipansec/CVE-2020-8165 https://github.com/umiterkol/CVE-2020-8165--Auto-Shell http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c ht • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2020-8164 – rubygem-actionpack: possible strong parameters bypass

https://notcve.org/view.php?id=CVE-2020-8164

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. Se presenta una vulnerabilidad de deserialización de datos no confiables en rails versiones anteriores a 5.2.4.3, rails versiones anteriores a 6.0.3.1, que pueden permitir a un atacante suministrar información en la que pueden ser filtrados inadvertidamente parámetros fromStrong A flaw was found in rubygem-actionpack. Untrusted hashes of data is possible for values of `each`, `each_value`, and `each_pair` which can lead to cases of user supplied information being leaked from Strong Parameters. Applications that use these hashes may inadvertently use untrusted user input. The highest risk from this vulnerability is to data confidentiality. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY https://hackerone.com/reports/292797 https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html https://www.debian.org/security/2020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •