CVE-2018-16476 – activejob: Information Exposure through deserialization using GlobalId
https://notcve.org/view.php?id=CVE-2018-16476
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. Una vulnerabilidad del Control de acceso roto en las versiones de Trabajo activo> = versión 4.2.0 permite a un atacante crear una entrada de usuario que puede hacer que el Trabajo activo lo deserialice con GlobalId y les dé acceso a la información que no deberían tener. Esta vulnerabilidad se ha corregido en las versiones 4.2.11, 5.0.7.1, 5.1.6.1 y 5.2.1.1. A deserialization flaw, leading to an information exposure flaw, was found in the activejob component used by Red Hat CloudForms and Red Hat Satellite. • https://access.redhat.com/errata/RHSA-2019:0600 https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released https://access.redhat.com/security/cve/CVE-2018-16476 https://bugzilla.redhat.com/show_bug.cgi?id=1659223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control CWE-502: Deserialization of Untrusted Data •
CVE-2018-16477
https://notcve.org/view.php?id=CVE-2018-16477
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1. Una vulnerabilidad de omisión en Active Storage >= versión 5.2.0 de Google Cloud Storage and Disk services, permite a un atacante modificar los parámetros `content-disposition` y` content-type` que se pueden usar con archivos HTML y ejecutarlos en línea. Además, si se combina con otras técnicas como el bombardeo de cookies y los manifiestos de AppCache especialmente creados, un atacante puede obtener acceso a URL firmadas privadas dentro de una ruta de almacenamiento específica. • https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •