Описание
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
A flaw was found in rubygem-omniauth. The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework. Accounts are allowed to be connected without user intent, user interaction, or feedback to the user which permits a secondary account to be able to sign into the web application as the primary account. The highest threat from this vulnerability is to data confidentiality and integrity.
Отчет
Red Hat CloudForms 4.5 is on maintenance support phase, thus only critical issues will be fixed.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | cfme-gemset | Will not fix |
Показывать по
Дополнительная информация
Статус:
8.1 High
CVSS3
Связанные уязвимости
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...
OmniAuth Ruby gem Cross-site Request Forgery in request phase
8.1 High
CVSS3