CVE-2018-3760
rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.
Existe una vulnerabilidad de fuga de información en Sprockets. Versiones afectadas: 4.0.0.beta7 y anteriores, 3.7.1 y anteriores y 2.12.4 y anteriores. Las peticiones especialmente manipuladas se pueden utilizar para acceder a archivos que existen en el sistema de archivos que está fuera del directorio root de la aplicación, cuando el servidor de Sprockets se utiliza en producción. Todos los usuarios que ejecuten una distribución afectada deben actualizarla o utilizar una de las alternativas inmediatamente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-28 CVE Reserved
- 2018-06-26 CVE Published
- 2019-10-21 First Exploit
- 2024-01-20 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (11)
| URL | Date | SRC |
|---|---|---|
| https://github.com/mpgn/CVE-2018-3760 | 2019-10-21 | |
| https://github.com/cyberharsh/Ruby-On-Rails-Path-Traversal-Vulnerability-CVE-2018-3760- | 2020-08-10 |
| URL | Date | SRC |
|---|---|---|
| https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ | 2019-10-09 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2244 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:2245 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:2561 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:2745 | 2019-10-09 | |
| https://www.debian.org/security/2018/dsa-4242 | 2019-10-09 | |
| https://access.redhat.com/security/cve/CVE-2018-3760 | 2018-09-26 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1593058 | 2018-09-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 4.5 Search vendor "Redhat" for product "Cloudforms" and version "4.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 4.6 Search vendor "Redhat" for product "Cloudforms" and version "4.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.7 Search vendor "Redhat" for product "Enterprise Linux" and version "6.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.3 Search vendor "Redhat" for product "Enterprise Linux" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.4 Search vendor "Redhat" for product "Enterprise Linux" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.5 Search vendor "Redhat" for product "Enterprise Linux" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.6 Search vendor "Redhat" for product "Enterprise Linux" and version "7.6" | - |
Affected
| ||||||
| Sprockets Project Search vendor "Sprockets Project" | Sprockets Search vendor "Sprockets Project" for product "Sprockets" | >= 2.0.0 <= 2.12.4 Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.0.0 <= 2.12.4" | - |
Affected
| ||||||
| Sprockets Project Search vendor "Sprockets Project" | Sprockets Search vendor "Sprockets Project" for product "Sprockets" | >= 3.0.0 <= 3.7.1 Search vendor "Sprockets Project" for product "Sprockets" and version " >= 3.0.0 <= 3.7.1" | - |
Affected
| ||||||
| Sprockets Project Search vendor "Sprockets Project" | Sprockets Search vendor "Sprockets Project" for product "Sprockets" | 4.0.0 Search vendor "Sprockets Project" for product "Sprockets" and version "4.0.0" | beta1 |
Affected
| ||||||
| Sprockets Project Search vendor "Sprockets Project" | Sprockets Search vendor "Sprockets Project" for product "Sprockets" | 4.0.0 Search vendor "Sprockets Project" for product "Sprockets" and version "4.0.0" | beta2 |
Affected
| ||||||
| Sprockets Project Search vendor "Sprockets Project" | Sprockets Search vendor "Sprockets Project" for product "Sprockets" | 4.0.0 Search vendor "Sprockets Project" for product "Sprockets" and version "4.0.0" | beta3 |
Affected
| ||||||
| Sprockets Project Search vendor "Sprockets Project" | Sprockets Search vendor "Sprockets Project" for product "Sprockets" | 4.0.0 Search vendor "Sprockets Project" for product "Sprockets" and version "4.0.0" | beta4 |
Affected
| ||||||
| Sprockets Project Search vendor "Sprockets Project" | Sprockets Search vendor "Sprockets Project" for product "Sprockets" | 4.0.0 Search vendor "Sprockets Project" for product "Sprockets" and version "4.0.0" | beta5 |
Affected
| ||||||
| Sprockets Project Search vendor "Sprockets Project" | Sprockets Search vendor "Sprockets Project" for product "Sprockets" | 4.0.0 Search vendor "Sprockets Project" for product "Sprockets" and version "4.0.0" | beta6 |
Affected
| ||||||
| Sprockets Project Search vendor "Sprockets Project" | Sprockets Search vendor "Sprockets Project" for product "Sprockets" | 4.0.0 Search vendor "Sprockets Project" for product "Sprockets" and version "4.0.0" | beta7 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||