CVE-2024-26144
Possible Sensitive Session Information Leak in Active Storage
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.
Rails es un framework de aplicación web. A partir de la versión 5.2.0, existe una posible fuga de información confidencial de la sesión en Active Storage. De forma predeterminada, Active Storage envía un encabezado Set-Cookie junto con la cookie de sesión del usuario cuando sirve blobs. También configura Cache-Control como público. Ciertos servidores proxy pueden almacenar en caché la Set-Cookie, lo que provoca una fuga de información. La vulnerabilidad se solucionó en 7.0.8.1 y 6.1.7.7.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-02-14 CVE Reserved
- 2024-02-27 CVE Published
- 2024-06-11 EPSS Updated
- 2024-07-03 First Exploit
- 2024-08-09 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (7)
URL | Date | SRC |
---|---|---|
https://github.com/gmo-ierae/CVE-2024-26144-test | 2024-07-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rails Search vendor "Rails" | Rails Search vendor "Rails" for product "Rails" | >= 5.2.0.0 < 6.1.7.7 Search vendor "Rails" for product "Rails" and version " >= 5.2.0.0 < 6.1.7.7" | en |
Affected
| ||||||
Rails Search vendor "Rails" | Rails Search vendor "Rails" for product "Rails" | >= 7.0.0.0 < 7.0.8.1 Search vendor "Rails" for product "Rails" and version " >= 7.0.0.0 < 7.0.8.1" | en |
Affected
|