
CVE-2024-26144

Possible Sensitive Session Information Leak in Active Storage

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability was fixed in 7.0.8.1 and 6.1.7.7.

A flaw was found in Active Storage that may lead to a sensitive session information leak. By default, Active Storage sends a `Set-Cookie` header along with the user’s session cookie when serving blobs and sets `Cache-Control` to public. Certain proxies may cache `Set-Cookie`, leading to an information leak.
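The risky combination described above is detectable at the response level: a response that shared caches may store (Cache-Control: public) and that also carries Set-Cookie. The following Rack-style middleware is an added example, not code from Rails or from the advisory; it assumes only the plain [status, headers, body] triple, so it runs without the rack gem, and it mitigates the combination by downgrading the cache directive rather than by dropping the cookie.

```ruby
# Added example (not Rails' own fix): keep publicly cacheable responses from
# carrying a Set-Cookie header into a shared proxy cache.
module SessionCacheGuard
  # Header names are matched case-insensitively (Rack 2 "Set-Cookie" vs Rack 3 "set-cookie").
  def self.find_header(headers, name)
    headers.keys.find { |k| k.to_s.casecmp?(name) }
  end

  # True when the response is both cacheable by shared caches ("public")
  # and sets a cookie: exactly the pairing the advisory describes.
  def self.leaky?(headers)
    cc = find_header(headers, "Cache-Control")
    sc = find_header(headers, "Set-Cookie")
    return false unless cc && sc
    directives = headers[cc].to_s.downcase.split(",").map(&:strip)
    directives.include?("public")
  end

  # Replace "public" with "private" so shared caches must not store the
  # response; other directives (max-age, etc.) and the cookie are kept.
  def self.sanitize(headers)
    return headers unless leaky?(headers)
    cc = find_header(headers, "Cache-Control")
    directives = headers[cc].to_s.split(",").map(&:strip)
    directives.reject! { |d| d.casecmp?("public") }
    directives.unshift("private")
    headers[cc] = directives.uniq.join(", ")
    headers
  end

  class Middleware
    def initialize(app)
      @app = app
    end

    def call(env)
      status, headers, body = @app.call(env)
      [status, SessionCacheGuard.sanitize(headers), body]
    end
  end
end

if __FILE__ == $0
  # Constructed sample response resembling a blob served with a session cookie.
  app = ->(_env) { [200, { "Cache-Control" => "public, max-age=300",
                           "Set-Cookie" => "_app_session=example; path=/; HttpOnly" }, ["blob"]] }
  _status, headers, _body = SessionCacheGuard::Middleware.new(app).call({})
  puts headers["Cache-Control"]   # private, max-age=300
end
```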

Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information disclosure, denial of service or bypass of content security policies.

*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Attend
  • Exploitation: None
  • Automatable: Yes
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-14 CVE Reserved
  • 2024-02-27 CVE Published
  • 2024-07-03 First Exploit
  • 2025-02-13 CVE Updated
  • 2025-04-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Rails Rails >= 5.2.0.0 < 6.1.7.7 - Affected
Rails Rails >= 7.0.0.0 < 7.0.8.1 - Affected