Lucene search

K

Veracode Vulnerability DatabaseVERACODE:45674

HistoryFeb 28, 2024 - 9:45 a.m.

Session Token Disclosure

2024-02-2809:45:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

activestorage

sensitive information disclosure

set-cookie

rails

proxy

session disclosure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

10.3%

activestorage is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Set-Cookie header getting cached when serving blobs if Rails is behind a proxy. Certain proxies may cache the Set-Cookie header, which can result in a users session being disclosed to another user.

References

discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945

github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433

github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3

github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g

github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml

security.netapp.com/advisory/ntap-20240510-0013/

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

10.3%

Related for VERACODE:45674

rubygems2 vulnrichment1 redhatcve1 osv2 github1 prion1 ibm1 gitlab1 cve1 githubexploit1 debiancve1 ubuntucve1 cvelist1 nvd1 redos1