CVE-2018-16477 — Sensitive Information Exposure in Rails

CWE-200 — Sensitive Information Exposure8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 50.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rubyonrails Rails Rails Activestorage Https Github.com Rails Rails

Timeline

PublishedNov 30

Latest updateDec 13

Description

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶RubyGemsrails/activestorage5.2.0 — 5.2.1.1

▶NVDrubyonrails/rails5.2.0 — 5.2.1.1

▶Debianrubyonrails/rails< 2:5.2.2+dfsg-1+3

▶CVEListV5https/github.com_rails_rails5.2.0 and later and before 5.2.1.1

🔴Vulnerability Details

GHSA

Exposure of Sensitive Information to an Unauthorized Actor in activestorage↗2018-12-05

▶

OSV

Exposure of Sensitive Information to an Unauthorized Actor in activestorage↗2018-12-05

▶

CVEList

CVE-2018-16477: A bypass vulnerability in Active Storage >= 5↗2018-11-30

▶

OSV

CVE-2018-16477: A bypass vulnerability in Active Storage >= 5↗2018-11-30

▶

📋Vendor Advisories

Debian

CVE-2018-16477: rails - A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and D...↗2018

▶

💬Community

Bugzilla

CVE-2018-16477 rubygem-activestorage: bypass vulnerability in Google Cloud Storage and Disk services↗2018-12-13

▶

Bugzilla

CVE-2018-16477 rubygem-activestorage: bypass vulnerability in Google Cloud Storage and Disk services [fedora-all]↗2018-12-13

▶