CVE-2019-3881

Published: 23 May 2018
Source: redhat
CVSS3: 6.7
EPSS: Low

Description

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
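A defensive check for the condition described above, written as an added example rather than code from Bundler or Red Hat: before a directory under a shared temp location is used as a gem or home directory, confirm it is a real directory owned by the current user and not writable by group or others. The helper names `fallback_dir_problems` and `create_private_fallback` are hypothetical, and the demo directories are constructed.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (not Bundler's API): returns the reasons `path` must not
# be trusted as a gem/home directory. An empty list means every check passed.
def fallback_dir_problems(path)
  st = File.lstat(path) # lstat: inspect the entry itself, never a symlink target
  problems = []
  problems << "is a symlink" if st.symlink?
  problems << "not a directory" unless st.directory? || st.symlink?
  problems << "owned by uid #{st.uid}, not #{Process.euid}" unless st.uid == Process.euid
  if st.mode & 0o022 != 0
    problems << format("group/world writable (mode %04o)", st.mode & 0o7777)
  end
  problems
rescue Errno::ENOENT
  ["does not exist"]
end

# Hypothetical helper: create a private fallback directory instead of reusing a
# fixed name. Dir.mktmpdir picks an unpredictable name and creates it mode 0700.
def create_private_fallback(prefix = "gem-home-")
  Dir.mktmpdir(prefix)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo: a world-writable directory standing in for a shared /tmp path.
  Dir.mktmpdir("demo-") do |base|
    shared = File.join(base, "shared")
    Dir.mkdir(shared)
    File.chmod(0o777, shared)
    puts "#{shared}: #{fallback_dir_problems(shared).inspect}"
  end
  private_dir = create_private_fallback
  puts "#{private_dir}: #{fallback_dir_problems(private_dir).inspect}"
  FileUtils.remove_entry(private_dir)
end
```
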

Report

The version of rubygem-bundler provided in 'Red Hat Gluster Storage 3' does not contain the vulnerable functionality and is not affected by this vulnerability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | backend | Affected | | |
| Red Hat Enterprise Linux 7 | rubygem-bundler | Not affected | | |
| Red Hat Enterprise Linux 8 | ruby:2.5/rubygem-bundler | Affected | | |
| Red Hat Software Collections | rh-ruby23-rubygem-bundler | Not affected | | |
| Red Hat Software Collections | rh-ruby24-rubygem-bundler | Not affected | | |
| Red Hat Software Collections | rh-ruby25-rubygem-bundler | Will not fix | | |
| Red Hat Software Collections | rh-ruby27-ruby | Not affected | | |
| Red Hat Storage 3 | rubygem-bundler | Not affected | | |
| Red Hat Subscription Asset Manager | ruby193-rubygem-bundler | Not affected | | |
| Red Hat Subscription Asset Manager | rubygem-bundler | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-427
https://bugzilla.redhat.com/show_bug.cgi?id=1651826
rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code

EPSS

Percentile: 43%
0.00206
Low

6.7 Medium

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 5 years ago

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.

CVSS3: 7.8
nvd
about 5 years ago

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.

CVSS3: 7.8
debian
about 5 years ago

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with ...

suse-cvrf
about 5 years ago

Security update for rubygem-bundler

suse-cvrf
more than 5 years ago

Security update for rubygem-bundler
