CVE-2020-8166
rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Se presenta una vulnerabilidad de falsificación CSRF en rails versiones anteriores a 5.2.5, rails versiones anteriores a 6.0.4 que hace posible para un atacante, dado un token CSRF global como el presente en la etiqueta meta de authenticity_token, forjar un token CSRF per-form
A flaw was found in rubygem-actionpack. Forgery of a per-form CSRF token is possible allowing for any action to take place for that session. The highest threat from this vulnerability is to data integrity.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-28 CVE Reserved
- 2020-07-02 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-10-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://hackerone.com/reports/732415 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw | 2020-11-20 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2020/dsa-4766 | 2020-11-20 | |
| https://access.redhat.com/security/cve/CVE-2020-8166 | 2021-04-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1843152 | 2021-04-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | < 5.2.4.3 Search vendor "Rubyonrails" for product "Rails" and version " < 5.2.4.3" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | >= 6.0.0 < 6.0.3.1 Search vendor "Rubyonrails" for product "Rails" and version " >= 6.0.0 < 6.0.3.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||