MEDIUM 4.3

GHSA-jp5v-5gx4-jmj9

Ability to forge per-form CSRF tokens in Rails

Details

It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.

Impact

Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.

Workarounds

This is a low-severity security issue. As such, no workaround is necessary until such time as the application can be upgraded.


Affected packages

RubyGems / actionpack
First affected version: 5.0.0; fixed version: 5.2.4.3
Fix: bundle update actionpack

RubyGems / actionpack
First affected version: 6.0.0; fixed version: 6.0.3.1
Fix: bundle update actionpack
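The two affected ranges above are the kind of data a practitioner wants to check against every Gemfile.lock in an estate, not just type into a form. The following Ruby script is an added example and is not part of this advisory or of Rails itself: it encodes the ranges exactly as listed on this page (5.0.0 up to but excluding 5.2.4.3, and 6.0.0 up to but excluding 6.0.3.1), pulls the resolved actionpack version out of a Gemfile.lock, and reports whether an upgrade is needed. The function names and the sample lockfile fragment are constructed for the example.

```ruby
require "rubygems"

# Affected ranges for GHSA-jp5v-5gx4-jmj9 as listed on this page:
# each entry is [first affected version, fixed version), so the fixed
# version itself is not affected.
AFFECTED_RANGES = [
  { introduced: Gem::Version.new("5.0.0"), fixed: Gem::Version.new("5.2.4.3") },
  { introduced: Gem::Version.new("6.0.0"), fixed: Gem::Version.new("6.0.3.1") },
].freeze

# True when the given actionpack version string falls inside an affected range.
# Gem::Version handles four-part versions and prereleases (e.g. "6.0.3.rc1")
# with RubyGems' own ordering, so no hand-rolled comparison is needed.
def actionpack_affected?(version_string)
  v = Gem::Version.new(version_string)
  AFFECTED_RANGES.any? { |r| v >= r[:introduced] && v < r[:fixed] }
end

# Extracts the resolved actionpack version from Gemfile.lock contents.
# Bundler lists resolved gems under "specs:" indented by four spaces as
# "name (version)"; their dependencies are indented by six spaces, so
# anchoring on exactly four spaces skips lines like "      actionpack (= 6.0.3)".
def actionpack_version_from_lockfile(lockfile_text)
  m = lockfile_text.match(/^ {4}actionpack \(([^)\s]+)\)/)
  m && m[1]
end

# Combines the two steps into a small assessment record.
# Returns nil when actionpack is not present in the lockfile at all.
def assess_lockfile(lockfile_text)
  version = actionpack_version_from_lockfile(lockfile_text)
  return nil unless version
  { version: version, affected: actionpack_affected?(version) }
end

# Constructed sample Gemfile.lock fragment (not taken from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.0.3)
        actionview (= 6.0.3)
        rack (~> 2.0, >= 2.0.8)
      actionview (6.0.3)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  result = assess_lockfile(text)
  if result.nil?
    puts "actionpack not found in lockfile"
  elsif result[:affected]
    puts "actionpack #{result[:version]} is affected; run: bundle update actionpack"
  else
    puts "actionpack #{result[:version]} is not in an affected range"
  end
end
```

Run it with a path to a Gemfile.lock as the first argument, or with no argument to assess the embedded sample. The check only covers this advisory's ranges; a version outside both ranges (for example a 4.x release) is reported as not affected by this issue, which says nothing about other advisories.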

References