CVE-2020-8184
published 2020-06-19

CVE-2020-8184: A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker…

Priority: P343 · Severity: high · CVSS 3.1 base score: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 2.94% (85.4th percentile)
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.
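The forgery works through percent-encoding: a browser only enforces the __Host-/__Secure- rules (Secure flag, no Domain attribute, Path=/) on a cookie whose literal name starts with that prefix, so an attacker with an arbitrary cookie write can plant a cookie named __%48ost-session without any of those restrictions. Affected Rack versions percent-decoded cookie names, turning __%48ost-session into __Host-session on the server side, so an application that trusted the prefix could be fed an attacker-controlled value. The following is an added example, not Rack's own code: a minimal Cookie-header parser that reproduces the mistake beside a hardened parser that keeps names literal, plus the prefix check an application would do on the literal name. The header string and the __%48ost-session cookie name are constructed for the demonstration.

```ruby
require 'uri'

# Constructed attack input: what the server receives after an attacker with an
# arbitrary cookie write (e.g. from a sibling subdomain) has planted
# "__%48ost-session", a name the browser treats as ordinary, so none of the
# __Host- rules are applied to it. Browsers send earlier-planted / longer-path
# cookies first, so the forged one precedes the genuine one here.
ATTACK_HEADER = '__%48ost-session=forged; __Host-session=real'.freeze

# Prefixes whose semantics are enforced by the browser, never by the server.
ENFORCED_PREFIXES = ['__Host-', '__Secure-'].freeze

# Percent-decode a token; return it unchanged if the encoding is malformed
# (e.g. a bare "%zz"), so a bad cookie cannot crash request handling.
def safe_decode(str)
  URI.decode_www_form_component(str)
rescue ArgumentError
  str
end

# Split "a=1; b=2" into [[name, value], ...]; empty names are dropped.
def split_pairs(header)
  header.split(/;\s*/).each_with_object([]) do |pair, pairs|
    name, value = pair.split('=', 2)
    next if name.nil? || name.empty?
    pairs << [name, value.to_s]
  end
end

# VULNERABLE: the name is decoded, so "__%48ost-session" collapses into
# "__Host-session". First occurrence wins (browser order), so the attacker's
# value shadows the genuine prefixed cookie.
def parse_cookies_decoding_names(header)
  split_pairs(header).each_with_object({}) do |(name, value), out|
    decoded = safe_decode(name)
    out[decoded] = safe_decode(value) unless out.key?(decoded)
  end
end

# HARDENED: only the value is decoded; the name stays exactly as the browser
# sent it, so a forged name can never become equal to a prefixed one.
def parse_cookies_literal_names(header)
  split_pairs(header).each_with_object({}) do |(name, value), out|
    out[name] = safe_decode(value) unless out.key?(name)
  end
end

# Application-side check: trust a cookie only if its *literal* name carries a
# prefix the browser actually enforced.
def trusted_prefixed_cookie?(cookies, name)
  cookies.key?(name) && ENFORCED_PREFIXES.any? { |p| name.start_with?(p) }
end

if __FILE__ == $PROGRAM_NAME
  vuln = parse_cookies_decoding_names(ATTACK_HEADER)
  safe = parse_cookies_literal_names(ATTACK_HEADER)
  puts "vulnerable parser: __Host-session = #{vuln['__Host-session'].inspect}"
  puts "hardened parser:   __Host-session = #{safe['__Host-session'].inspect}"
  puts "forged name kept literal: __%48ost-session = #{safe['__%48ost-session'].inspect}"
end
```

The hardened parser follows the direction of the upstream fix (cookie names are no longer decoded in 2.1.4 / 2.2.3); confirm the exact change against the rack release diff before relying on this description. Note that the server can only ever check the literal name: the prefix guarantees themselves are browser-side, so any decoding of the name before the check throws them away.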

Affected

27 ranges (showing 25)

Vendor                        Product        Version range                      Fixed in
canonical                     ubuntu_linux
canonical                     ubuntu_linux
canonical                     ubuntu_linux
canonical                     ubuntu_linux
canonical                     ubuntu_linux
debian                        debian_linux
debian                        debian_linux
debian                        php7.4         < php7.4 7.4.11-1 (bullseye)       php7.4 7.4.11-1 (bullseye)
debian                        ruby-rack      < ruby-rack 2.1.1-6 (bookworm)     ruby-rack 2.1.1-6 (bookworm)
fedoraproject                 fedora
fedoraproject                 fedora
fedoraproject                 fedora
https://github.com/rack/rack
opensuse                      leap
opensuse                      leap
php                           php            >= 7.2.0, < 7.2.34                 7.2.34
php                           php            >= 7.3.0, < 7.3.23                 7.3.23
php                           php            >= 7.4.0, < 7.4.11                 7.4.11
php_group                     php            >= 7.2.x, < 7.2.34                 7.2.34
php_group                     php            >= 7.3.x, < 7.3.23                 7.3.23
php_group                     php            >= 7.4.x, < 7.4.11                 7.4.11
rack                          rack           >= 0, < 2.1.4                      2.1.4
rack                          rack           >= 2.2.0, < 2.2.3                  2.2.3
rack_project                  rack           < 2.1.4                            2.1.4
rack_project                  rack           >= 2.2.0, < 2.2.3                  2.2.3

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd             v2.0      5.0     MEDIUM     AV:N/AC:L/Au:N/C:N/I:P/A:N
ghsa                      5.3     MEDIUM
osv                       8.6     HIGH
vendor_ubuntu             8.6     HIGH
vendor_debian             7.5     HIGH
vendor_redhat             7.5     HIGH

The sources disagree by more than three points (ghsa 5.3 against osv and Ubuntu 8.6); the 7.5 shown in the summary is the NVD v3.1 score, so check which source your scanner or SLA policy keys on before triaging by severity alone.