// For flags

CVE-2019-5418

Rails 5.2.1 - Arbitrary File Content Disclosure

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

9
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Existe una vulnerabilidad de Divulgación del contenido del archivo en la Vista de acción versión anterior a .2.2.1, versión anterior a 1.6.2, versión anterior a 5.0.7.2, versión anterior a 4.2.11.1 y v3, donde los encabezados de aceptación especialmente diseñados pueden exponer el contenido de archivos arbitrarios en el sistema de archivos del sistema de destino. .

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain access to the proper files. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Rails version 5.2.1 suffers from an arbitrary file content disclosure vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-04 CVE Reserved
  • 2019-03-18 First Exploit
  • 2019-03-21 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-10-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (21)
URL Tag Source
https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q X_refsource_confirm
https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html Mailing List
URL Date SRC
https://www.exploit-db.com/exploits/46585 2024-08-04
https://github.com/mpgn/CVE-2019-5418 2019-03-25
https://github.com/brompwnie/CVE-2019-5418-Scanner 2019-03-21
https://github.com/omarkurt/CVE-2019-5418 2019-03-18
https://github.com/takeokunn/CVE-2019-5418 2019-03-30
https://github.com/random-robbie/CVE-2019-5418 2019-11-19
https://github.com/kailing0220/CVE-2019-5418 2022-10-17
https://github.com/ztgrace/CVE-2019-5418-Rails3 2019-10-04
http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html 2024-08-04
URL Date SRC
http://www.openwall.com/lists/oss-security/2019/03/22/1 2023-11-07
https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released 2023-11-07
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html 2023-11-07
https://access.redhat.com/errata/RHSA-2019:0796 2023-11-07
https://access.redhat.com/errata/RHSA-2019:1147 2023-11-07
https://access.redhat.com/errata/RHSA-2019:1149 2023-11-07
https://access.redhat.com/errata/RHSA-2019:1289 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA 2023-11-07
https://access.redhat.com/security/cve/CVE-2019-5418 2019-05-29
https://bugzilla.redhat.com/show_bug.cgi?id=1689159 2019-05-29
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rubyonrails
Search vendor "Rubyonrails"
 Rails
Search vendor "Rubyonrails" for product "Rails"
 >= 3.0.0 < 4.2.11.1
Search vendor "Rubyonrails" for product "Rails" and version " >= 3.0.0 < 4.2.11.1"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
 Rails
Search vendor "Rubyonrails" for product "Rails"
 >= 5.0.0 < 5.0.7.2
Search vendor "Rubyonrails" for product "Rails" and version " >= 5.0.0 < 5.0.7.2"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
 Rails
Search vendor "Rubyonrails" for product "Rails"
 >= 5.1.0 < 5.1.6.2
Search vendor "Rubyonrails" for product "Rails" and version " >= 5.1.0 < 5.1.6.2"
-
Affected
Rubyonrails
Search vendor "Rubyonrails"
 Rails
Search vendor "Rubyonrails" for product "Rails"
 >= 5.2.0 < 5.2.2.1
Search vendor "Rubyonrails" for product "Rails" and version " >= 5.2.0 < 5.2.2.1"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
 Cloudforms
Search vendor "Redhat" for product "Cloudforms"
 4.7
Search vendor "Redhat" for product "Cloudforms" and version "4.7"
-
Affected
Opensuse
Search vendor "Opensuse"
 Leap
Search vendor "Opensuse" for product "Leap"
 15.0
Search vendor "Opensuse" for product "Leap" and version "15.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 30
Search vendor "Fedoraproject" for product "Fedora" and version "30"
-
Affected
Redhat
Search vendor "Redhat"
 Cloudforms
Search vendor "Redhat" for product "Cloudforms"
 4.6
Search vendor "Redhat" for product "Cloudforms" and version "4.6"
-
Affected
Redhat
Search vendor "Redhat"
 Software Collections
Search vendor "Redhat" for product "Software Collections"
 1.0
Search vendor "Redhat" for product "Software Collections" and version "1.0"
-
Affected