exploitDog

CVE-2023-50448

Опубликовано: 28 дек. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times.

Ссылки

https://github.com/activeadmin/activeadmin/pull/7336
Issue Tracking
Patch
https://github.com/activeadmin/activeadmin/security/advisories/GHSA-356j-hg45-x525
Vendor Advisory
https://github.com/activeadmin/activeadmin/pull/7336
Issue Tracking
Patch
https://github.com/activeadmin/activeadmin/security/advisories/GHSA-356j-hg45-x525
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:activeadmin:activeadmin:*:*:*:*:*:ruby:*:*

Версия до 2.12.0 (исключая)

EPSS

Процентиль: 71%

0.00696

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-1236

Связанные уязвимости

GHSA-356j-hg45-x525

CVSS3: 8.4

github

около 2 лет назад

Potential CSV export data leak

EPSS

Процентиль: 71%

0.00696

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-1236