GitHub Advisory DatabaseGHSA-C92M-RRRC-Q5WFsafemode gem allows context-dependent attackers to obtain sensitive information via the inspect method
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.01 Low
EPSS
Percentile
83.3%
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
Affected configurations
References
projects.theforeman.org/issues/14635
rubysec.com/advisories/CVE-2016-3693/
theforeman.org/security.html#2016-3693
www.openwall.com/lists/oss-security/2016/04/20/8
access.redhat.com/errata/RHSA-2018:0336
github.com/advisories/GHSA-c92m-rrrc-q5wf
github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f
github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2
nvd.nist.gov/vuln/detail/CVE-2016-3693
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.01 Low
EPSS
Percentile
83.3%