10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.9%
The remote host is affected by the vulnerability described in GLSA-202003-09 (OpenID library for Ruby: Server-Side Request Forgery)
It was discovered that OpenID library for Ruby performed discovery first, and then verification.
Impact :
A remote attacker could possibly change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server not publicly accessible.
In addition, if the client that uses this library discloses connection errors, this in turn could disclose information from the private server to the attacker.
Workaround :
There is no known workaround at this time.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202003-09.
#
# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('compat.inc');
if (description)
{
script_id(134586);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/22");
script_cve_id("CVE-2019-11027");
script_xref(name:"GLSA", value:"202003-09");
script_name(english:"GLSA-202003-09 : OpenID library for Ruby: Server-Side Request Forgery");
script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202003-09
(OpenID library for Ruby: Server-Side Request Forgery)
It was discovered that OpenID library for Ruby performed discovery
first, and then verification.
Impact :
A remote attacker could possibly change the URL used for discovery and
trick the server into connecting to the URL. This server in turn could be
a private server not
publicly accessible.
In addition, if the client that uses this library discloses connection
errors, this in turn could disclose information from the private server
to the attacker.
Workaround :
There is no known workaround at this time.");
script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202003-09");
script_set_attribute(attribute:"solution", value:
"All ruby-openid users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-ruby/ruby-openid-2.9.2'");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11027");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/10");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ruby-openid");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gentoo Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"dev-ruby/ruby-openid", unaffected:make_list("ge 2.9.2"), vulnerable:make_list("lt 2.9.2"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenID library for Ruby");
}
Vendor | Product | Version | CPE |
---|---|---|---|
gentoo | linux | ruby-openid | p-cpe:/a:gentoo:linux:ruby-openid |
gentoo | linux | cpe:/o:gentoo:linux |
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.9%