Immunity CanvasRAILS_ACCEPT_READFILEImmunity Canvas: RAILS_ACCEPT_READFILE
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
| Name | rails_accept_readfile |
|---|---|
| CVE | CVE-2019-5418 Exploit Pack |
| VENDOR: Rails | |
| NOTES: |
The vulnerability resides in Action View in combination with calls to ‘render file:’ in a controller.
You need to place in the corresponding textfield the path to the controller that uses ‘render file’
in a similar way to the code below:
class HelloController < ApplicationController
def index
render file: “#{Rails.root}/some/file”
end
end
Vulnerable Rails versions:
- < 5.2.2.1
- < 5.1.6.2
- < 5.0.7.2
- < 4.2.11.1
Tested on:
- Ubuntu 18.10, Rails 5.2.1
Repeatability: Infinite
References: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5418
Date public: 13/03/2019
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N