Описание
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Отчет
Red Hat Satellite and Red Hat CloudForms do not ship vulnerable versions of RubyGem Rails hence not affected to the flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | cfme-gemset | Not affected | ||
| Red Hat Satellite 6 | tfm-ror52-rubygem-rails | Not affected | ||
| Red Hat Satellite 6.9 for RHEL 7 | ansible-collection-redhat-satellite | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-foreman_scap_client | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-satellite-receptor-installer | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansible-runner | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | candlepin | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | createrepo_c | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | foreman | Fixed | RHSA-2021:1313 | 21.04.2021 |
Показывать по
Дополнительная информация
Статус:
7.1 High
CVSS3
Связанные уязвимости
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
A denial of service vulnerability exists in Rails <6.0.3.2 that allowe ...
Untrusted users can run pending migrations in production in Rails
Уязвимость программной платформы Ruby on Rails, связанная с неправильной авторизацией, позволяющая нарушителю вызвать отказ в обслуживании
7.1 High
CVSS3