CVE-2019-5420
Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
12
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
Una vulnerabilidad de ejecución remota de código en el modo de desarrollo de Rails, en versiones anteriores a la 5.2.2.1 y la 6.0.0.beta3, podría permitir que un atacante adivine el token secreto del modo de desarrollo generado automáticamente. Este token secreto puede emplearse en combinación con otros internals de Rails para escalar a un exploit de ejecución remota de código.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-04 CVE Reserved
- 2019-03-21 First Exploit
- 2019-03-27 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-330: Use of Insufficiently Random Values
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46785 | 2024-08-04 | |
| https://github.com/knqyf263/CVE-2019-5420 | 2019-03-21 | |
| https://github.com/j4k0m/CVE-2019-5420 | 2021-09-07 | |
| https://github.com/laffray/ruby-RCE-CVE-2019-5420- | 2022-07-02 | |
| https://github.com/scumdestroy/CVE-2019-5420.rb | 2021-05-11 | |
| https://github.com/trickstersec/CVE-2019-5420 | 2022-03-14 | |
| https://github.com/Eremiel/CVE-2019-5420 | 2021-01-20 | |
| https://github.com/PenTestical/CVE-2019-5420 | 2022-06-06 | |
| https://github.com/AnasTaoutaou/CVE-2019-5420 | 2021-01-11 | |
| https://github.com/CyberSecurityUP/CVE-2019-5420-POC | 2022-01-30 | |
| https://github.com/mmeza-developer/CVE-2019-5420-RCE | 2021-11-06 | |
| http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | < 5.2.2.1 Search vendor "Rubyonrails" for product "Rails" and version " < 5.2.2.1" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 6.0.0 Search vendor "Rubyonrails" for product "Rails" and version "6.0.0" | beta1 |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 6.0.0 Search vendor "Rubyonrails" for product "Rails" and version "6.0.0" | beta2 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||