Description
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3 and rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in RCE.
A flaw was found in rubygem-activesupport. Untrusted user input can be written to the cache store using the raw: true parameter, which can lead to the stored value being evaluated as a marshaled object instead of plain text when it is read back. The threat from this vulnerability is to data confidentiality and integrity as well as system availability.
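As an added illustration (not code from Rails, from Red Hat, or from this advisory), the following Ruby models the two cache read paths the description contrasts: a legacy read that hands every stored value to Marshal.load and only falls back to plain text when that fails, beside a hardened read that returns raw-written values verbatim. The LegacyStore and FixedStore classes, the cache key, the ReloadHook class and the payload bytes are all constructed for this example; FixedStore shows the property the fix establishes (a raw read is never unmarshaled), not the exact Rails patch.

```ruby
# Added example, not Rails or Red Hat code. Store names, keys, the ReloadHook
# class and the payload bytes are constructed for illustration.

# Models the pre-fix read path: whatever bytes come back from the backend are
# handed to Marshal.load, and only if that raises is the value treated as a
# plain string. A value written with raw: true is stored verbatim (never
# Marshal.dump'ed), so if an attacker chose those bytes to be a valid Marshal
# stream they are unmarshaled on the next read.
class LegacyStore
  def initialize
    @backend = {}               # stands in for memcached / redis
  end

  def write(key, value, raw: false)
    @backend[key] = raw ? value.to_s : Marshal.dump(value)
  end

  def read(key, raw: false)
    payload = @backend[key]
    return nil if payload.nil?
    Marshal.load(payload)       # the raw: option is silently ignored here
  rescue TypeError, ArgumentError
    payload                     # "not a Marshal stream, must be plain text"
  end
end

# Hardened model: a read that declares raw: true is returned verbatim and is
# never unmarshaled; Marshal.load only runs for values the application itself
# wrote with Marshal.dump.
class FixedStore < LegacyStore
  def read(key, raw: false)
    payload = @backend[key]
    return nil if payload.nil?
    raw ? payload : Marshal.load(payload)
  end
end

# A class the application happens to have loaded. Marshal.load allocates it and
# calls marshal_load, i.e. deserialization runs application code selected by
# whoever produced the bytes. Constructed stand-in for a real gadget class.
class ReloadHook
  @@invocations = 0

  def self.invocations
    @@invocations
  end

  def marshal_dump
    []
  end

  def marshal_load(_data)
    @@invocations += 1
  end
end

# Bytes an attacker submits where the app expects plain text (e.g. a profile bio).
PAYLOAD_HASH = Marshal.dump({ "role" => "admin" })
PAYLOAD_HOOK = Marshal.dump(ReloadHook.new)

# Writes untrusted text with raw: true and reads it back the way the app would.
def round_trip(store_class, untrusted_text, read_raw: true)
  store = store_class.new
  store.write("user:42:bio", untrusted_text, raw: true)
  store.read("user:42:bio", raw: read_raw)
end

if __FILE__ == $PROGRAM_NAME
  p round_trip(LegacyStore, "hello")        # benign text survives, so the bug stays hidden
  p round_trip(LegacyStore, PAYLOAD_HASH)   # attacker's bytes came back as a Hash
  round_trip(LegacyStore, PAYLOAD_HOOK)
  p ReloadHook.invocations                  # application code ran during the read
  p round_trip(FixedStore, PAYLOAD_HASH)    # the Marshal bytes come back as a plain String
end
```

The rescue in LegacyStore#read is what makes the flaw easy to miss: ordinary user text is not a valid Marshal stream, so Marshal.load raises and the string is returned unchanged, and only bytes deliberately crafted as a Marshal stream take the deserialization path. The hardened read makes the decision on the caller's declared raw: flag instead of on the content of the stored bytes.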
Statement
This issue affects the version of rubygem-activesupport as shipped with Red Hat Gluster Storage 3. However, the product does not use the 'raw' option when storing untrusted user input, so this issue has been rated as having a security impact of Low.

Red Hat Satellite ships the affected RubyGem ActiveSupport and uses RedisCacheStore; however, unmarshalling of user-provided objects is handled safely in product code, so it is not vulnerable to the flaw. We may update the Ruby on Rails and rails-core dependency in a future release.

In OpenShift Container Platform 3.11, rubygem-activesupport is shipped in the logging-fluentd container for use by rubygem-kubeclient [1]. The kubeclient gem does NOT make use of the vulnerable class; it is only included for the inflector part of activesupport.
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
CloudForms Management Engine 5 | cfme-amazon-smartstate | Not affected | ||
CloudForms Management Engine 5 | cfme-gemset | Will not fix | ||
Red Hat 3scale API Management Platform 2 | system | Affected | ||
Red Hat OpenShift Container Platform 3.11 | rubygem-activesupport | Fix deferred | ||
Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-fluentd | Not affected | ||
Red Hat Storage 3 | rubygem-activesupport | Affected | ||
Red Hat Satellite 6.9 for RHEL 7 | ansible-collection-redhat-satellite | Fixed | RHSA-2021:1313 | 21.04.2021 |
Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-foreman_scap_client | Fixed | RHSA-2021:1313 | 21.04.2021 |
Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2021:1313 | 21.04.2021 |
Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-satellite-receptor-installer | Fixed | RHSA-2021:1313 | 21.04.2021 |
Additional information
CVSS3 base score: 9.8 Critical