Vulnerability-Lookup

CVE-2020-8165 (GCVE-0-2020-8165)

Vulnerability from cvelistv5 – Published: 2020-06-19 17:05 – Updated: 2025-05-09 20:03

Summary

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-502 - Deserialization of Untrusted Data (CWE-502)

Assigner

hackerone

References

9 references

URL	Tags
https://hackerone.com/reports/413388	x_refsource_MISC
https://groups.google.com/g/rubyonrails-security/…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://weblog.rubyonrails.org/2020/5/18/Rails-5-…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2020/dsa-4766	vendor-advisoryx_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://security.netapp.com/advisory/ntap-2025050…

Impacted products

1 product

Vendor	Product	Version
n/a	https://github.com/rails/rails	Affected: Fixed in 5.2.4.3, 6.0.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-09T20:03:28.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/413388"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"
          },
          {
            "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
          },
          {
            "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
          },
          {
            "name": "DSA-4766",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4766"
          },
          {
            "name": "openSUSE-SU-2020:1677",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1679",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250509-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 5.2.4.3, 6.0.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "Deserialization of Untrusted Data (CWE-502)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-17T11:06:36.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/413388"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"
        },
        {
          "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
        },
        {
          "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
        },
        {
          "name": "DSA-4766",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4766"
        },
        {
          "name": "openSUSE-SU-2020:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1679",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 5.2.4.3, 6.0.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Deserialization of Untrusted Data (CWE-502)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/413388",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/413388"
            },
            {
              "name": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"
            },
            {
              "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
            },
            {
              "name": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/",
              "refsource": "CONFIRM",
              "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
            },
            {
              "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
            },
            {
              "name": "DSA-4766",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4766"
            },
            {
              "name": "openSUSE-SU-2020:1677",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1679",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8165",
    "datePublished": "2020-06-19T17:05:30.000Z",
    "dateReserved": "2020-01-28T00:00:00.000Z",
    "dateUpdated": "2025-05-09T20:03:28.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-8165",
      "date": "2026-06-05",
      "epss": "0.90128",
      "percentile": "0.99606"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8165\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-06-19T18:15:11.067\",\"lastModified\":\"2025-05-09T20:15:36.103\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de deserializaci\u00f3n de datos no confiables en rails versiones anteriores a 5.2.4.3, rails versiones anteriores a 6.0.3.1, que puede permitir a un atacante desarmar los objetos proporcionados por el usuario en MemCacheStore y RedisCacheStore, lo que podr\u00eda generar un RCE\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.4.3\",\"matchCriteriaId\":\"4357891D-A07C-4E1B-B540-92D6C477E7BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.3.1\",\"matchCriteriaId\":\"12B5617A-91AC-4B94-BE1A-057DBF322808\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/413388\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4766\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/413388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20250509-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4766\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2023-1093

Vulnerability from csaf_certbund - Published: 2020-05-18 22:00 - Updated: 2024-01-15 23:00

Summary

Ruby on Rails: Mehrere Schwachstellen

Severity

Kritisch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ruby on Rails ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, beliebigen Programmcode auszuführen oder Dateien zu manipulieren.

Betroffene Betriebssysteme: - UNIX - Linux - Windows - Sonstiges

CVE-2020-8162

Es existiert eine Schwachstelle in Ruby on Rails im "ActiveStorage's S3" Adapter. Sie ist auf eine mögliche Manipulation der Dateilänge durch den Angreifer zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Affected products

Known affected 3 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
HCL BigFix HCL	`cpe:/a:hcltech:bigfix:-`	—

CVE-2020-8164

Es existiert eine Schwachstelle in Ruby on Rails in der Komponente ActionPack in "Strong Parameters". Teilweise können Informationen von "Strong Parameters" eingesehen werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—

CVE-2020-8165

Es existiert eine Schwachstelle in Ruby on Rails in den Komponenten "MemCacheStore" und "RedisCacheStore". Sie ist auf Fehler beim "unmarshalling" von Benutzereingaben zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—

CVE-2020-8166

Es existiert eine Schwachstelle in Ruby on Rails, welche darin besteht, dass CRSF-Tokens vom Angreifer umgeschrieben werden können. Dafür benötigt der Angreifer ein valides globales CSRF-Token. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—

CVE-2020-8167

Es existiert eine CSRF-Schwachstelle in Ruby on Rails in der Komponente "rails-ujs". Sie ermöglicht es einem Angreifer, ein Token zu einer von ihm definierten Domain zu senden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—

References

15 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://weblog.rubyonrails.org/2020/5/18/Rails-5-…	external
https://lists.debian.org/debian-lts-announce/2020…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
https://www.debian.org/security/2020/dsa-4766	external
http://lists.suse.com/pipermail/sle-security-upda…	external
https://support.hcltechsw.com/csm?id=kb_article&s…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://github.com/hybryx/CVE-2020-8165	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ruby on Rails ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1093 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-1093.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1093 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1093"
      },
      {
        "category": "external",
        "summary": "Rails 5.2.4.3 and 6.0.3.1 have been released vom 2020-05-18",
        "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2282 vom 2020-07-20",
        "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00013.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2710-1 vom 2020-09-22",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007453.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4766 vom 2020-09-25",
        "url": "https://www.debian.org/security/2020/dsa-4766"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2899-1 vom 2020-10-13",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-October/007539.html"
      },
      {
        "category": "external",
        "summary": "HCL Article KB0084266 vom 2020-10-14",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084266"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2929-1 vom 2020-10-15",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-October/007578.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3036-1 vom 2020-10-26",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-October/007625.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3147-1 vom 2020-11-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007691.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3160-1 vom 2020-11-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007702.html"
      },
      {
        "category": "external",
        "summary": "Exploit CVE-2020-8165 vom 2021-01-03",
        "url": "https://github.com/hybryx/CVE-2020-8165"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2059-1 vom 2023-04-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014619.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0103-1 vom 2024-01-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017656.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Ruby on Rails: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-15T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:50:05.078+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1093",
      "initial_release_date": "2020-05-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-05-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-07-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2020-09-22T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-09-24T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2020-10-13T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-10-14T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2020-10-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-10-26T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-04T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-05T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-01-03T23:00:00.000+00:00",
          "number": "11",
          "summary": "Exploit f\u00fcr CVE-2020-8165 aufgenommen"
        },
        {
          "date": "2023-04-27T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-01-15T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HCL BigFix",
            "product": {
              "name": "HCL BigFix",
              "product_id": "T017494",
              "product_identification_helper": {
                "cpe": "cpe:/a:hcltech:bigfix:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source Ruby on Rails \u003c 5.2.4.3",
                "product": {
                  "name": "Open Source Ruby on Rails \u003c 5.2.4.3",
                  "product_id": "T016560",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rubyonrails:ruby_on_rails:5.2.4.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Ruby on Rails \u003c 6.0.3.1",
                "product": {
                  "name": "Open Source Ruby on Rails \u003c 6.0.3.1",
                  "product_id": "T016561",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rubyonrails:ruby_on_rails:6.0.3.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ruby on Rails"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8162",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Ruby on Rails im \"ActiveStorage\u0027s S3\" Adapter. Sie ist auf eine m\u00f6gliche Manipulation der Dateil\u00e4nge durch den Angreifer zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T017494"
        ]
      },
      "release_date": "2020-05-18T22:00:00.000+00:00",
      "title": "CVE-2020-8162"
    },
    {
      "cve": "CVE-2020-8164",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Ruby on Rails in der Komponente ActionPack in \"Strong Parameters\". Teilweise k\u00f6nnen Informationen von \"Strong Parameters\" eingesehen werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207"
        ]
      },
      "release_date": "2020-05-18T22:00:00.000+00:00",
      "title": "CVE-2020-8164"
    },
    {
      "cve": "CVE-2020-8165",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Ruby on Rails in den Komponenten \"MemCacheStore\" und \"RedisCacheStore\". Sie ist auf Fehler beim \"unmarshalling\" von Benutzereingaben zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207"
        ]
      },
      "release_date": "2020-05-18T22:00:00.000+00:00",
      "title": "CVE-2020-8165"
    },
    {
      "cve": "CVE-2020-8166",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Ruby on Rails, welche darin besteht, dass CRSF-Tokens vom Angreifer umgeschrieben werden k\u00f6nnen. Daf\u00fcr ben\u00f6tigt der Angreifer ein valides globales CSRF-Token. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207"
        ]
      },
      "release_date": "2020-05-18T22:00:00.000+00:00",
      "title": "CVE-2020-8166"
    },
    {
      "cve": "CVE-2020-8167",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine CSRF-Schwachstelle in Ruby on Rails in der Komponente \"rails-ujs\". Sie erm\u00f6glicht es einem Angreifer, ein Token zu einer von ihm definierten Domain zu senden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207"
        ]
      },
      "release_date": "2020-05-18T22:00:00.000+00:00",
      "title": "CVE-2020-8167"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8165 (GCVE-0-2020-8165)

WID-SEC-W-2023-1093

Tags

Sightings

Nomenclature