CVE-2020-8167

Published: 18 May 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | cfme-amazon-smartstate | Not affected | | |
| CloudForms Management Engine 5 | cfme-gemset | Will not fix | | |
| Red Hat Satellite 6.9 for RHEL 7 | ansible-collection-redhat-satellite | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-foreman_scap_client | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-satellite-receptor-installer | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansible-runner | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | candlepin | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | createrepo_c | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | foreman | Fixed | RHSA-2021:1313 | 21.04.2021 |

Additional information

Status: Moderate
Weakness: CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1843084 (rubygem-actionview: CSRF vulnerability in rails-ujs)

EPSS

Percentile: 68%
0.00592
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 5 years ago

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

CVSS3: 6.5
nvd
about 5 years ago

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

CVSS3: 6.5
debian
about 5 years ago

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that co ...

CVSS3: 6.5
redos
about 1 month ago

rubygem-actionview vulnerability

CVSS3: 6.5
github
about 5 years ago

CSRF Vulnerability in rails-ujs
