CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8264
https://notcve.org/view.php?id=CVE-2020-8264
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware. En actionpack gem versiones posteriores a 6.0.0 incluyéndola, se presenta una posible vulnerabilidad de tipo XSS cuando una aplicación se ejecuta en modo development permitiendo a un atacante enviar o insertar (en otra página) una URL especialmente diseñada que puede permitir al atacante ejecutar JavaScript en el contexto de la aplicación local. Esta vulnerabilidad se encuentra en el middleware de Excepciones Accionables • https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ https://hackerone.com/reports/904059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-8166 – rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token
https://notcve.org/view.php?id=CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. Se presenta una vulnerabilidad de falsificación CSRF en rails versiones anteriores a 5.2.5, rails versiones anteriores a 6.0.4 que hace posible para un atacante, dado un token CSRF global como el presente en la etiqueta meta de authenticity_token, forjar un token CSRF per-form A flaw was found in rubygem-actionpack. Forgery of a per-form CSRF token is possible allowing for any action to take place for that session. The highest threat from this vulnerability is to data integrity. • https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw https://hackerone.com/reports/732415 https://www.debian.org/security/2020/dsa-4766 https://access.redhat.com/security/cve/CVE-2020-8166 https://bugzilla.redhat.com/show_bug.cgi?id=1843152 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8185 – rubygem-rails: untrusted users able to run pending migrations in production
https://notcve.org/view.php?id=CVE-2020-8185
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. Se presenta una vulnerabilidad de denegación de servicio en Rails versiones anteriores a 6.0.3.2, que permitió a un usuario no confiable ejecutar cualquier migración pendiente en una aplicación Rails que se ejecuta en producción • https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 https://hackerone.com/reports/899069 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB https://access.redhat.com/security/cve/CVE-2020-8185 https://bugzilla.redhat.com/show_bug.cgi?id=1852380 • CWE-250: Execution with Unnecessary Privileges CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-8167 – rubygem-actionview: CSRF vulnerability in rails-ujs
https://notcve.org/view.php?id=CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. Se presenta una vulnerabilidad de tipo CSRF en el módulo rails versiones anteriores a 6.0.3 incluyéndola, rails-ujs que podría permitir a atacantes enviar tokens CSRF a dominios incorrectos A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity. • https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0 https://hackerone.com/reports/189878 https://www.debian.org/security/2020/dsa-4766 https://access.redhat.com/security/cve/CVE-2020-8167 https://bugzilla.redhat.com/show_bug.cgi?id=1843084 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 66%CPEs: 7EXPL: 7CVE-2020-8165 – rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
https://notcve.org/view.php?id=CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. Se presenta una vulnerabilidad de deserialización de datos no confiables en rails versiones anteriores a 5.2.4.3, rails versiones anteriores a 6.0.3.1, que puede permitir a un atacante desarmar los objetos proporcionados por el usuario en MemCacheStore y RedisCacheStore, lo que podría generar un RCE A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the `raw: true` parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/masahiro331/CVE-2020-8165 https://github.com/hybryx/CVE-2020-8165 https://github.com/progfay/CVE-2020-8165 https://github.com/AssassinUKG/CVE-2020-8165 https://github.com/taipansec/CVE-2020-8165 https://github.com/umiterkol/CVE-2020-8165--Auto-Shell http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c ht • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •