CVE-2020-8166

Published: 18 May 2020
Source: redhat
CVSS3: 3.7
EPSS: Low

Description

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

A flaw was found in rubygem-actionpack. Forgery of a per-form CSRF token is possible allowing for any action to take place for that session. The highest threat from this vulnerability is to data integrity.

Affected packages

Platform                          Package                                  State         Advisory         Release
CloudForms Management Engine 5    cfme-amazon-smartstate                   Not affected
CloudForms Management Engine 5    cfme-gemset                              Will not fix
Red Hat Satellite 6.9 for RHEL 7  ansible-collection-redhat-satellite      Fixed         RHSA-2021:1313   21.04.2021
Red Hat Satellite 6.9 for RHEL 7  ansiblerole-foreman_scap_client          Fixed         RHSA-2021:1313   21.04.2021
Red Hat Satellite 6.9 for RHEL 7  ansiblerole-insights-client              Fixed         RHSA-2021:1313   21.04.2021
Red Hat Satellite 6.9 for RHEL 7  ansiblerole-satellite-receptor-installer Fixed         RHSA-2021:1313   21.04.2021
Red Hat Satellite 6.9 for RHEL 7  ansible-runner                           Fixed         RHSA-2021:1313   21.04.2021
Red Hat Satellite 6.9 for RHEL 7  candlepin                                Fixed         RHSA-2021:1313   21.04.2021
Red Hat Satellite 6.9 for RHEL 7  createrepo_c                             Fixed         RHSA-2021:1313   21.04.2021
Red Hat Satellite 6.9 for RHEL 7  foreman                                  Fixed         RHSA-2021:1313   21.04.2021

Additional information

Status: Low
Weakness: CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1843152
rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token

EPSS: 0.00243 (percentile 48%, Low)

CVSS3: 3.7 Low

Related vulnerabilities

CVSS3: 4.3
ubuntu
about 5 years ago

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

CVSS3: 4.3
nvd
about 5 years ago

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

CVSS3: 4.3
debian
about 5 years ago

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 th ...

suse-cvrf
more than 1 year ago

Security update for rubygem-actionpack-5_1

CVSS3: 4.3
github
about 5 years ago

Ability to forge per-form CSRF tokens in Rails

Vulnerability CVE-2020-8166