Vulnerability-Lookup

CVE-2020-8166 (GCVE-0-2020-8166)

Vulnerability from cvelistv5 – Published: 2020-07-02 18:35 – Updated: 2024-08-04 09:48

Summary

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

Severity ?

No CVSS data available.

CWE

CWE-352 - Cross-Site Request Forgery (CSRF) (CWE-352)

Assigner

hackerone

References

URL

	Vendor	Product	Version
	n/a	https://github.com/rails/rails	Affected: Fixed in 5.2.4.3, 6.0.3.1

CERTFR-2020-AVI-301

Vulnerability from certfr_avis - Published: 2020-05-19 - Updated: 2020-05-19

De multiples vulnérabilités ont été découvertes dans Ruby on Rails. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une injection de requêtes illégitimes par rebond (CSRF).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Ruby on Rails	Ruby on Rails	Ruby on Rails versions 6.x antérieures à 6.0.3.1
	Ruby on Rails	Ruby on Rails	Ruby on Rails versions 5.x antérieures à 5.2.4.3

References

Title

Publication Time

CNVD-2020-32423

Vulnerability from cnvd - Published: 2020-06-11

Title

Ruby on Rails跨站请求伪造漏洞（CNVD-2020-32423）

Description

Ruby on Rails是Rails团队的一套基于Ruby语言的开源Web应用框架。 Ruby on Rails 5.2.5之前版本和6.0.4之前版本中存在跨站请求伪造漏洞，该漏洞源于WEB应用未充分验证请求是否来自可信用户，攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。

Severity

中

Patch Name

Ruby on Rails跨站请求伪造漏洞（CNVD-2020-32423）的补丁

Patch Description

Ruby on Rails是Rails团队的一套基于Ruby语言的开源Web应用框架。 Ruby on Rails 5.2.5之前版本和6.0.4之前版本中存在跨站请求伪造漏洞，该漏洞源于WEB应用未充分验证请求是否来自可信用户，攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/

Reference

https://www.auscert.org.au/bulletins/ESB-2020.1780/

Impacted products

Name
['Ruby Ruby on Rails <5.2.5', 'Ruby Ruby on Rails <6.0.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8166"
    }
  },
  "description": "Ruby on Rails\u662fRails\u56e2\u961f\u7684\u4e00\u5957\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\u3002\n\nRuby on Rails 5.2.5\u4e4b\u524d\u7248\u672c\u548c6.0.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u672a\u5145\u5206\u9a8c\u8bc1\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u53ef\u4fe1\u7528\u6237\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d7\u5f71\u54cd\u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u53d1\u9001\u975e\u9884\u671f\u7684\u8bf7\u6c42\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-32423",
  "openTime": "2020-06-11",
  "patchDescription": "Ruby on Rails\u662fRails\u56e2\u961f\u7684\u4e00\u5957\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\u3002\r\n\r\nRuby on Rails 5.2.5\u4e4b\u524d\u7248\u672c\u548c6.0.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u672a\u5145\u5206\u9a8c\u8bc1\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u53ef\u4fe1\u7528\u6237\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d7\u5f71\u54cd\u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u53d1\u9001\u975e\u9884\u671f\u7684\u8bf7\u6c42\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ruby on Rails\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2020-32423\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Ruby Ruby on Rails \u003c5.2.5",
      "Ruby Ruby on Rails \u003c6.0.4"
    ]
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2020.1780/",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-21",
  "title": "Ruby on Rails\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2020-32423\uff09"
}

GSD-2020-8166

Vulnerability from gsd - Updated: 2020-05-18 00:00

Details

It is possible to possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session. Versions Affected: rails < 5.2.5, rails < 6.0.4 Not affected: Applications without existing HTML injection vulnerabilities. Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1 Impact ------ Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session. Workarounds ----------- This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.

Aliases

CVE-2020-8166

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8166",
    "description": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.",
    "id": "GSD-2020-8166",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-8166.html",
      "https://www.debian.org/security/2020/dsa-4766",
      "https://access.redhat.com/errata/RHSA-2021:1313"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "actionpack",
            "purl": "pkg:gem/actionpack"
          }
        }
      ],
      "aliases": [
        "CVE-2020-8166",
        "GHSA-jp5v-5gx4-jmj9"
      ],
      "details": "It is possible to possible to, given a global CSRF token such as the one\npresent in the authenticity_token meta tag, forge a per-form CSRF token for\nany action for that session.\n\nVersions Affected:  rails \u003c 5.2.5, rails \u003c 6.0.4\nNot affected:       Applications without existing HTML injection vulnerabilities.\nFixed Versions:     rails \u003e= 5.2.4.3, rails \u003e= 6.0.3.1\n\nImpact\n------\n\nGiven the ability to extract the global CSRF token, an attacker would be able to\nconstruct a per-form CSRF token for that session.\n\nWorkarounds\n-----------\n\nThis is a low-severity security issue. As such, no workaround is necessarily\nuntil such time as the application can be upgraded.\n",
      "id": "GSD-2020-8166",
      "modified": "2020-05-18T00:00:00.000Z",
      "published": "2020-05-18T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 4.3,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Ability to forge per-form CSRF tokens given a global CSRF token"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2020-8166",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "https://github.com/rails/rails",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Fixed in 5.2.4.3, 6.0.3.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://hackerone.com/reports/732415",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/732415"
          },
          {
            "name": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
            "refsource": "MISC",
            "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
          },
          {
            "name": "DSA-4766",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4766"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2020-8166",
      "cvss_v3": 4.3,
      "date": "2020-05-18",
      "description": "It is possible to possible to, given a global CSRF token such as the one\npresent in the authenticity_token meta tag, forge a per-form CSRF token for\nany action for that session.\n\nVersions Affected:  rails \u003c 5.2.5, rails \u003c 6.0.4\nNot affected:       Applications without existing HTML injection vulnerabilities.\nFixed Versions:     rails \u003e= 5.2.4.3, rails \u003e= 6.0.3.1\n\nImpact\n------\n\nGiven the ability to extract the global CSRF token, an attacker would be able to\nconstruct a per-form CSRF token for that session.\n\nWorkarounds\n-----------\n\nThis is a low-severity security issue. As such, no workaround is necessarily\nuntil such time as the application can be upgraded.\n",
      "framework": "rails",
      "gem": "actionpack",
      "ghsa": "jp5v-5gx4-jmj9",
      "patched_versions": [
        "~\u003e 5.2.4, \u003e= 5.2.4.3",
        "\u003e= 6.0.3.1"
      ],
      "title": "Ability to forge per-form CSRF tokens given a global CSRF token",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c5.2.4.3||\u003e=6.0.0 \u003c6.0.3.1||=10.0",
          "affected_versions": "All versions before 5.2.4.3, all versions starting from 6.0.0 before 6.0.3.1, version 10.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-352",
            "CWE-937"
          ],
          "date": "2020-11-20",
          "description": "A CSRF forgery vulnerability exists in rails, rails that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.",
          "fixed_versions": [
            "5.2.4.3",
            "6.0.3.1"
          ],
          "identifier": "CVE-2020-8166",
          "identifiers": [
            "CVE-2020-8166"
          ],
          "not_impacted": "All versions starting from 5.2.4.3 before 6.0.0, all versions starting from 6.0.3.1 before 10.0, all versions after 10.0",
          "package_slug": "gem/actionpack",
          "pubdate": "2020-07-02",
          "solution": "Upgrade to versions 5.2.4.3, 6.0.3.1 or above.",
          "title": "Cross-Site Request Forgery (CSRF)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-8166",
            "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
            "https://hackerone.com/reports/732415",
            "https://www.debian.org/security/2020/dsa-4766"
          ],
          "uuid": "a13dc08d-0ef1-4f27-87b6-717c9ed8200a"
        },
        {
          "affected_range": "\u003c5.2.4.3||\u003e=6.0.0 \u003c6.0.3.1",
          "affected_versions": "All versions before 5.2.4.3, all versions starting from 6.0.0 before 6.0.3.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-352",
            "CWE-937"
          ],
          "date": "2020-11-20",
          "description": "A CSRF vulnerability exists in rails that makes it possible for an attacker to, given a global CSRF token such as the one present in the `authenticity_token` meta tag, forge a per-form CSRF token.",
          "fixed_versions": [
            "5.2.4.3",
            "6.0.3.1"
          ],
          "identifier": "CVE-2020-8166",
          "identifiers": [
            "CVE-2020-8166"
          ],
          "not_impacted": "All versions starting from 5.2.4.3 before 6.0.0, all versions starting from 6.0.3.1",
          "package_slug": "gem/rails",
          "pubdate": "2020-07-02",
          "solution": "Upgrade to versions 5.2.4.3, 6.0.3.1 or above.",
          "title": "Cross-Site Request Forgery (CSRF)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-8166"
          ],
          "uuid": "d8ff425a-89bf-483c-89cf-28b3e43ecc98"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.4.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.3.1",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2020-8166"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
            },
            {
              "name": "https://hackerone.com/reports/732415",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://hackerone.com/reports/732415"
            },
            {
              "name": "DSA-4766",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4766"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-11-20T17:47Z",
      "publishedDate": "2020-07-02T19:15Z"
    }
  }
}

CVE-2020-8166

Vulnerability from fstec - Published: 02.07.2020

Title

Уязвимость программной платформы Ruby on Rails, связанная с подделкой межсайтовых запросов, позволяющая нарушителю подделать действующий токен CSRF

Description

Уязвимость программной платформы Ruby on Rails связана с подделкой межсайтовых запросов в метатеге authenticity_token. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, подделать действующий токен CSRF

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vendor

Novell Inc., Сообщество свободного программного обеспечения, Rails Core Team, ООО «Ред Софт», Red Hat Inc.

Software Name

OpenSUSE Leap, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Module for Server Applications, SUSE Linux Enterprise Module for Public Cloud, Debian GNU/Linux, SUSE Enterprise Storage, SUSE Linux Enterprise High Performance Computing, Suse Linux Enterprise Server, openSUSE Tumbleweed, SUSE Manager Proxy, SUSE Manager Retail Branch Server, SUSE Manager Server, Ruby on Rails, SUSE Linux Enterprise High Availability Extension, РЕД ОС (запись в едином реестре российских программ №3751), Red Hat Satellite

Software Version

15.5 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Server Applications), 15 SP1 (SUSE Linux Enterprise Module for Public Cloud), 10 (Debian GNU/Linux), 6 (SUSE Enterprise Storage), 15-ESPOS (SUSE Linux Enterprise High Performance Computing), 15-LTSS (SUSE Linux Enterprise High Performance Computing), 15-LTSS (Suse Linux Enterprise Server), - (openSUSE Tumbleweed), 15 SP2 (SUSE Linux Enterprise Module for Server Applications), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Linux Enterprise Module for Public Cloud), 4.0 (SUSE Manager Proxy), 4.0 (SUSE Manager Retail Branch Server), 4.0 (SUSE Manager Server), до 5.2.4.3 (Ruby on Rails), от 6.0.0 до 6.0.3.1 (Ruby on Rails), 15 SP3 (SUSE Linux Enterprise Module for Server Applications), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 15 SP3 (SUSE Linux Enterprise High Availability Extension), 7.3 (РЕД ОС), 15.4 (OpenSUSE Leap), 15 SP3 (SUSE Linux Enterprise High Performance Computing), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 7 (SUSE Enterprise Storage), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 4.1 (SUSE Manager Server), 4.1 (SUSE Manager Proxy), 4.1 (SUSE Manager Retail Branch Server), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Retail Branch Server), 15 SP3 (SUSE Linux Enterprise Module for Public Cloud), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Public Cloud), 15 SP4 (SUSE Linux Enterprise Module for Server Applications), 7.1 (SUSE Enterprise Storage), 15 SP1 (SUSE Linux Enterprise High Performance Computing), 15 SP1 (SUSE Linux Enterprise High Availability Extension), 15 SP2 (SUSE Linux Enterprise High Availability Extension), 15 SP4 (SUSE Linux Enterprise High Availability Extension), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Public Cloud), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise High Availability Extension), 15 SP6 (SUSE Linux Enterprise High Availability Extension), 15 SP6 (SUSE Linux Enterprise Module for Public Cloud), 6.9 for RHEL 7 (Red Hat Satellite), 15 SP7 (SUSE Linux Enterprise High Availability Extension)

Possible Mitigations

Использование рекомендаций: https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw Для РедОС: https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-rubygem-actionpack-cve-2020-8164-cve-2020-8185-cve-2020-8166/?sphrase_id=1076181 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2020-8166 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2020-8166 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2020-8166.html

Reference

https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-rubygem-actionpack-cve-2020-8164-cve-2020-8185-cve-2020-8166/?sphrase_id=1076181 https://security-tracker.debian.org/tracker/CVE-2020-8166 https://access.redhat.com/security/cve/CVE-2020-8166 https://www.suse.com/security/cve/CVE-2020-8166.html

CWE

CWE-352

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Rails Core Team, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Red Hat Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.5 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Server Applications), 15 SP1 (SUSE Linux Enterprise Module for Public Cloud), 10 (Debian GNU/Linux), 6 (SUSE Enterprise Storage), 15-ESPOS (SUSE Linux Enterprise High Performance Computing), 15-LTSS (SUSE Linux Enterprise High Performance Computing), 15-LTSS (Suse Linux Enterprise Server), - (openSUSE Tumbleweed), 15 SP2 (SUSE Linux Enterprise Module for Server Applications), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Linux Enterprise Module for Public Cloud), 4.0 (SUSE Manager Proxy), 4.0 (SUSE Manager Retail Branch Server), 4.0 (SUSE Manager Server), \u0434\u043e 5.2.4.3 (Ruby on Rails), \u043e\u0442 6.0.0 \u0434\u043e 6.0.3.1 (Ruby on Rails), 15 SP3 (SUSE Linux Enterprise Module for Server Applications), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 15 SP3 (SUSE Linux Enterprise High Availability Extension), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 15.4 (OpenSUSE Leap), 15 SP3 (SUSE Linux Enterprise High Performance Computing), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 7 (SUSE Enterprise Storage), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 4.1 (SUSE Manager Server), 4.1 (SUSE Manager Proxy), 4.1 (SUSE Manager Retail Branch Server), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Retail Branch Server), 15 SP3 (SUSE Linux Enterprise Module for Public Cloud), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Public Cloud), 15 SP4 (SUSE Linux Enterprise Module for Server Applications), 7.1 (SUSE Enterprise Storage), 15 SP1 (SUSE Linux Enterprise High Performance Computing), 15 SP1 (SUSE Linux Enterprise High Availability Extension), 15 SP2 (SUSE Linux Enterprise High Availability Extension), 15 SP4 (SUSE Linux Enterprise High Availability Extension), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Public Cloud), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise High Availability Extension), 15 SP6 (SUSE Linux Enterprise High Availability Extension), 15 SP6 (SUSE Linux Enterprise Module for Public Cloud), 6.9 for RHEL 7 (Red Hat Satellite), 15 SP7 (SUSE Linux Enterprise High Availability Extension)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-rubygem-actionpack-cve-2020-8164-cve-2020-8185-cve-2020-8166/?sphrase_id=1076181\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2020-8166\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2020-8166\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2020-8166.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.07.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.07.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.07.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08595",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8166",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSUSE Leap, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Module for Server Applications, SUSE Linux Enterprise Module for Public Cloud, Debian GNU/Linux, SUSE Enterprise Storage, SUSE Linux Enterprise High Performance Computing, Suse Linux Enterprise Server, openSUSE Tumbleweed, SUSE Manager Proxy, SUSE Manager Retail Branch Server, SUSE Manager Server, Ruby on Rails, SUSE Linux Enterprise High Availability Extension, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Red Hat Satellite",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 15.5 , Novell Inc. OpenSUSE Leap 15.1 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. Suse Linux Enterprise Server 15-LTSS , Novell Inc. openSUSE Tumbleweed - , Novell Inc. OpenSUSE Leap 15.2 , Novell Inc. Suse Linux Enterprise Server 15 SP1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Novell Inc. OpenSUSE Leap 15.4 , Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5 , Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Ruby on Rails, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0434\u0434\u0435\u043b\u0430\u0442\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u0442\u043e\u043a\u0435\u043d CSRF",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CWE-352)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Ruby on Rails \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0432 \u043c\u0435\u0442\u0430\u0442\u0435\u0433\u0435 authenticity_token. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0434\u0434\u0435\u043b\u0430\u0442\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u0442\u043e\u043a\u0435\u043d CSRF",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-rubygem-actionpack-cve-2020-8164-cve-2020-8185-cve-2020-8166/?sphrase_id=1076181\nhttps://security-tracker.debian.org/tracker/CVE-2020-8166\nhttps://access.redhat.com/security/cve/CVE-2020-8166\nhttps://www.suse.com/security/cve/CVE-2020-8166.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-352",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

GHSA-JP5V-5GX4-JMJ9

Vulnerability from github – Published: 2020-05-26 15:11 – Updated: 2023-08-08 15:18

Summary

Ability to forge per-form CSRF tokens in Rails

Details

It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.

Impact

Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.

Workarounds

This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.2.4.2"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.0.3"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-05-26T15:10:56Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.\n\nImpact\n------\n\nGiven the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.\n\nWorkarounds\n-----------\n\nThis is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.",
  "id": "GHSA-jp5v-5gx4-jmj9",
  "modified": "2023-08-08T15:18:54Z",
  "published": "2020-05-26T15:11:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8166"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/732415"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rails/rails"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ability to forge per-form CSRF tokens in Rails"
}

FKIE_CVE-2020-8166

Vulnerability from fkie_nvd - Published: 2020-07-02 19:15 - Updated: 2024-11-21 05:38

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
support@hackerone.com	https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw	Mailing List, Patch, Third Party Advisory
support@hackerone.com	https://hackerone.com/reports/732415	Exploit, Third Party Advisory
support@hackerone.com	https://www.debian.org/security/2020/dsa-4766	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://hackerone.com/reports/732415	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4766	Third Party Advisory

Impacted products

Vendor	Product	Version
rubyonrails	rails	*
rubyonrails	rails	*
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4357891D-A07C-4E1B-B540-92D6C477E7BB",
              "versionEndExcluding": "5.2.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12B5617A-91AC-4B94-BE1A-057DBF322808",
              "versionEndExcluding": "6.0.3.1",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de falsificaci\u00f3n CSRF en rails versiones anteriores a 5.2.5, rails versiones anteriores a 6.0.4 que hace posible para un atacante, dado un token CSRF global como el presente en la etiqueta meta de authenticity_token, forjar un token CSRF per-form"
    }
  ],
  "id": "CVE-2020-8166",
  "lastModified": "2024-11-21T05:38:25.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-02T19:15:12.513",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/732415"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/732415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4766"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8166 (GCVE-0-2020-8166)

CERTFR-2020-AVI-301

Solution

CNVD-2020-32423

GSD-2020-8166

CVE-2020-8166

GHSA-JP5V-5GX4-JMJ9

Impact

Workarounds

FKIE_CVE-2020-8166

Tags

Sightings

Nomenclature