Lucene search
PRIOn knowledge basePRION:CVE-2019-5420HistoryMar 27, 2019 - 2:29 p.m.
Remote code execution
2019-03-2714:29:00
PRIOn knowledge base
www.prio-n.com
9
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 8.0 | |
| fedora | eq | 30 | |
| rails | lt | 5.2.2.1 | |
| rails | eq | 6.0.0 beta1 | |
| rails | eq | 6.0.0 beta2 |
References
packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html
groups.google.com/forum/
lists.fedoraproject.org/archives/list/[email protected]/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
www.exploit-db.com/exploits/46785/
Related
veracode
veracode
Remote Code Execution (RCE)
2019-03-14 02:16:39
cve
cve
CVE-2019-5420
2019-03-27 14:29:01
debiancve
debiancve
CVE-2019-5420
2019-03-27 14:29:01
rapid7blog
rapid7blog
[Security Nation] Jeremi Gosney on the Psychology of Password Hygiene
2022-10-26 18:05:14
hackerone
hackerone
packetstorm
packetstorm
metasploit
metasploit
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
2019-04-25 19:30:46
github
github
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
2019-03-13 17:28:35
redhatcve
redhatcve
CVE-2019-5420
2019-03-15 10:49:54
checkpoint_advisories
checkpoint_advisories
Ruby on Rails Active Storage Insecure Deserialization (CVE-2019-5420)
2019-06-26 00:00:00
githubexploit
githubexploit
Exploit for Use of Insufficiently Random Values in Rubyonrails Rails
2019-03-27 18:16:46
Exploit for Use of Insufficiently Random Values in Rubyonrails Rails
2021-05-11 11:32:18
Exploit for Use of Insufficiently Random Values in Rubyonrails Rails
2021-09-06 12:28:05
osv
osv
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
2019-03-13 17:28:35
CVE-2019-5420
2019-03-27 14:29:01
cvelist
cvelist
CVE-2019-5420
2019-03-27 13:48:13
nvd
nvd
CVE-2019-5420
2019-03-27 14:29:01
zdt
zdt
attackerkb
attackerkb
Ruby on Rails DoubleTap Development Mode secret_key_base Vulnerability
2019-03-27 00:00:00
ubuntucve
ubuntucve
CVE-2019-5420
2019-03-27 00:00:00
exploitdb
exploitdb
rubygems
rubygems
Possible Remote Code Execution Exploit in Rails Development Mode
2019-03-12 21:00:00
canvas
canvas
Immunity Canvas: RAILS_ACTIVESTORAGE_RCE
2019-03-27 14:29:00
openvas
openvas
Fedora Update for rubygem-activejob FEDORA-2019-1cfe24db5c
2019-05-10 00:00:00
Fedora Update for rubygem-actioncable FEDORA-2019-1cfe24db5c
2019-05-10 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2019-1cfe24db5c
2019-05-10 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: rubygem-actionmailer-5.2.3-1.fc30
2019-05-10 00:48:41
[SECURITY] Fedora 30 Update: rubygem-actionview-5.2.3-2.fc30
2019-05-10 00:48:41
[SECURITY] Fedora 30 Update: rubygem-activestorage-5.2.3-1.fc30
2019-05-10 00:48:41
nessus
nessus
Fedora 30 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2019-1cfe24db5c)
2019-05-10 00:00:00
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3036-1)
2020-12-09 00:00:00
openSUSE Security Update : rmt-server (openSUSE-2020-2000)
2020-11-24 00:00:00
suse
suse
Security update for rmt-server (important)
2020-11-23 00:00:00
Security update for rmt-server (important)
2020-11-21 00:00:00