GSD-2021-21288

Vulnerability from gsd - Updated: 2021-02-08 00:00
Details
### Impact [CarrierWave download feature](https://github.com/carrierwaveuploader/carrierwave#uploading-files-from-a-remote-location has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. ### Patches Upgrade to [2.1.1](https://rubygems.org/gems/carrierwave/versions/2.1.1) or [1.3.2](https://rubygems.org/gems/carrierwave/versions/1.3.2). ### Workarounds Using proper network segmentation and applying the principle of least privilege to outbound connections from application servers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server without access to any internal network resources or cloud metadata access.
Aliases
Aliases
CVE-2021-21288
To clipboard 

{
  "GSD": {
    "alias": "CVE-2021-21288",
    "description": "CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.",
    "id": "GSD-2021-21288"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "carrierwave",
            "purl": "pkg:gem/carrierwave"
          }
        }
      ],
      "aliases": [
        "CVE-2021-21288",
        "GHSA-fwcm-636p-68r5"
      ],
      "details": "### Impact\n[CarrierWave download feature](https://github.com/carrierwaveuploader/carrierwave#uploading-files-from-a-remote-location\nhas an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use\nand gather information about the Intranet infrastructure of the platform.\n\n### Patches\nUpgrade to [2.1.1](https://rubygems.org/gems/carrierwave/versions/2.1.1) or\n[1.3.2](https://rubygems.org/gems/carrierwave/versions/1.3.2).\n\n### Workarounds\nUsing proper network segmentation and applying the principle of least privilege to outbound connections from application\nservers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server\nwithout access to any internal network resources or cloud metadata access.",
      "id": "GSD-2021-21288",
      "modified": "2021-02-08T00:00:00.000Z",
      "published": "2021-02-08T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 4.3,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Server-side request forgery in CarrierWave"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-21288",
        "STATE": "PUBLIC",
        "TITLE": "Server-side request forgery in CarrierWave"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "carrierwave",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.3.2"
                        },
                        {
                          "version_value": "\u003e= 2.0.0, \u003c 2.1.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "carrierwaveuploader"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-918: Server-Side Request Forgery (SSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5",
            "refsource": "CONFIRM",
            "url": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5"
          },
          {
            "name": "https://rubygems.org/gems/carrierwave/",
            "refsource": "MISC",
            "url": "https://rubygems.org/gems/carrierwave/"
          },
          {
            "name": "https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0",
            "refsource": "MISC",
            "url": "https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0"
          },
          {
            "name": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08",
            "refsource": "MISC",
            "url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08"
          },
          {
            "name": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08",
            "refsource": "MISC",
            "url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-fwcm-636p-68r5",
        "discovery": "UNKNOWN"
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2021-21288",
      "cvss_v3": 4.3,
      "date": "2021-02-08",
      "description": "### Impact\n[CarrierWave download feature](https://github.com/carrierwaveuploader/carrierwave#uploading-files-from-a-remote-location\nhas an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use\nand gather information about the Intranet infrastructure of the platform.\n\n### Patches\nUpgrade to [2.1.1](https://rubygems.org/gems/carrierwave/versions/2.1.1) or\n[1.3.2](https://rubygems.org/gems/carrierwave/versions/1.3.2).\n\n### Workarounds\nUsing proper network segmentation and applying the principle of least privilege to outbound connections from application\nservers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server\nwithout access to any internal network resources or cloud metadata access.",
      "gem": "carrierwave",
      "ghsa": "fwcm-636p-68r5",
      "patched_versions": [
        "~\u003e 1.3.2",
        "\u003e= 2.1.1"
      ],
      "title": "Server-side request forgery in CarrierWave",
      "url": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.3.2||\u003e=2.0.1 \u003c2.1.1",
          "affected_versions": "All versions before 1.3.2, all versions starting from 2.0.1 before 2.1.1",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-918",
            "CWE-937"
          ],
          "date": "2021-02-12",
          "description": "In CarrierWave, the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform.",
          "fixed_versions": [
            "1.3.2",
            "2.1.1"
          ],
          "identifier": "CVE-2021-21288",
          "identifiers": [
            "CVE-2021-21288",
            "GHSA-fwcm-636p-68r5"
          ],
          "not_impacted": "All versions starting from 1.3.2 before 2.0.1, all versions starting from 2.1.1",
          "package_slug": "gem/carrierwave",
          "pubdate": "2021-02-08",
          "solution": "Upgrade to versions 1.3.2, 2.1.1 or above.",
          "title": "Server-Side Request Forgery (SSRF)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-21288"
          ],
          "uuid": "af28f83b-3183-4747-a606-3cadd950300e"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:carrierwave_project:carrierwave:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrierwave_project:carrierwave:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.1",
                "versionStartIncluding": "2.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-21288"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-918"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://rubygems.org/gems/carrierwave/",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://rubygems.org/gems/carrierwave/"
            },
            {
              "name": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08"
            },
            {
              "name": "https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0"
            },
            {
              "name": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5"
            },
            {
              "name": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-02-12T16:30Z",
      "publishedDate": "2021-02-08T20:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.