CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-8166 – rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token
https://notcve.org/view.php?id=CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. Se presenta una vulnerabilidad de falsificación CSRF en rails versiones anteriores a 5.2.5, rails versiones anteriores a 6.0.4 que hace posible para un atacante, dado un token CSRF global como el presente en la etiqueta meta de authenticity_token, forjar un token CSRF per-form A flaw was found in rubygem-actionpack. Forgery of a per-form CSRF token is possible allowing for any action to take place for that session. The highest threat from this vulnerability is to data integrity. • https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw https://hackerone.com/reports/732415 https://www.debian.org/security/2020/dsa-4766 https://access.redhat.com/security/cve/CVE-2020-8166 https://bugzilla.redhat.com/show_bug.cgi?id=1843152 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 96%CPEs: 2EXPL: 5CVE-2020-8163 – Rails 5.0.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-8163
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. Se trata de una vulnerabilidad de inyección de código en versiones de Rails anteriores a 5.0.1, que permitiría a un atacante que controlara el argumento "locals" de una llamada "render" para realizar un RCE • https://www.exploit-db.com/exploits/48716 https://github.com/lucasallan/CVE-2020-8163 https://github.com/h4ms1k/CVE-2020-8163 https://github.com/TK-Elliot/CVE-2020-8163 http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0 https://hackerone.com/reports/304805 https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8185 – rubygem-rails: untrusted users able to run pending migrations in production
https://notcve.org/view.php?id=CVE-2020-8185
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. Se presenta una vulnerabilidad de denegación de servicio en Rails versiones anteriores a 6.0.3.2, que permitió a un usuario no confiable ejecutar cualquier migración pendiente en una aplicación Rails que se ejecuta en producción • https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 https://hackerone.com/reports/899069 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB https://access.redhat.com/security/cve/CVE-2020-8185 https://bugzilla.redhat.com/show_bug.cgi?id=1852380 • CWE-250: Execution with Unnecessary Privileges CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-8167 – rubygem-actionview: CSRF vulnerability in rails-ujs
https://notcve.org/view.php?id=CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. Se presenta una vulnerabilidad de tipo CSRF en el módulo rails versiones anteriores a 6.0.3 incluyéndola, rails-ujs que podría permitir a atacantes enviar tokens CSRF a dominios incorrectos A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity. • https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0 https://hackerone.com/reports/189878 https://www.debian.org/security/2020/dsa-4766 https://access.redhat.com/security/cve/CVE-2020-8167 https://bugzilla.redhat.com/show_bug.cgi?id=1843084 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 66%CPEs: 7EXPL: 7CVE-2020-8165 – rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
https://notcve.org/view.php?id=CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. Se presenta una vulnerabilidad de deserialización de datos no confiables en rails versiones anteriores a 5.2.4.3, rails versiones anteriores a 6.0.3.1, que puede permitir a un atacante desarmar los objetos proporcionados por el usuario en MemCacheStore y RedisCacheStore, lo que podría generar un RCE A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the `raw: true` parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/masahiro331/CVE-2020-8165 https://github.com/hybryx/CVE-2020-8165 https://github.com/progfay/CVE-2020-8165 https://github.com/AssassinUKG/CVE-2020-8165 https://github.com/taipansec/CVE-2020-8165 https://github.com/umiterkol/CVE-2020-8165--Auto-Shell http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c ht • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •