Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveHackeroneCVE-2018-3760
HistoryJun 26, 2018 - 7:29 p.m.

CVE-2018-3760

2018-06-2619:29:00
CWE-200
CWE-22
hackerone
web.nvd.nist.gov
122
cve-2018-3760
sprockets
information leak
vulnerability
file access

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.016

Percentile

87.7%

JSON

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application’s root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.

Affected configurations

Nvd
Vulners
Node
redhatcloudformsMatch4.5
OR
redhatcloudformsMatch4.6
OR
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch6.7
OR
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linuxMatch7.3
OR
redhatenterprise_linuxMatch7.4
OR
redhatenterprise_linuxMatch7.5
OR
redhatenterprise_linuxMatch7.6
Node
sprockets_projectsprocketsRange2.0.0–2.12.4
OR
sprockets_projectsprocketsRange3.0.0–3.7.1
OR
sprockets_projectsprocketsMatch4.0.0beta1
OR
sprockets_projectsprocketsMatch4.0.0beta2
OR
sprockets_projectsprocketsMatch4.0.0beta3
OR
sprockets_projectsprocketsMatch4.0.0beta4
OR
sprockets_projectsprocketsMatch4.0.0beta5
OR
sprockets_projectsprocketsMatch4.0.0beta6
OR
sprockets_projectsprocketsMatch4.0.0beta7
Node
debiandebian_linuxMatch9.0
VendorProductVersionCPE
redhatcloudforms4.5cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*
redhatcloudforms4.6cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhatenterprise_linux6.7cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux7.3cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
redhatenterprise_linux7.4cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
redhatenterprise_linux7.5cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
redhatenterprise_linux7.6cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
sprockets_projectsprockets*cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 181

CNA Affected

[
  {
    "product": "Sprockets",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0.beta8, 3.7.2, 2.12.5"
      }
    ]
  }
]

Related

suse 2
openvas 8
ubuntucve 1
debian 3
osv 8
hackerone 1
nuclei 1
nvd 1
rubygems 1
nessus 8
fedora 2
veracode 2
cvelist 1
redhat 4
seebug 1
redhatcve 1
prion 1
debiancve 1
github 1
suse
suse
Security update for rubygem-sprockets (important)
2018-06-29 21:15:11
Security update for rubygem-sprockets (moderate)
2018-07-28 16:02:02
openvas
openvas
Debian: Security Advisory (DLA-1419-1)
2018-07-15 00:00:00
Discourse < 2.2.0.beta2 Information Leak Vulnerability
2019-01-30 00:00:00
Fedora Update for rubygem-sprockets FEDORA-2018-fd29597fa4
2018-07-15 00:00:00
ubuntucve
ubuntucve
CVE-2018-3760
2018-06-26 00:00:00
debian
debian
[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 21:06:50
[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 21:06:50
[SECURITY] [DLA-1419-1] ruby-sprockets security update
2018-07-12 09:30:56
osv
osv
ruby-sprockets - security update
2018-07-09 00:00:00
ruby3.2-rubygem-sprockets-3.7-3.7.2-1.20 on GA media
2024-06-15 00:00:00
Sprockets path traversal leads to information leak
2018-06-20 22:18:58
hackerone
hackerone
Ruby on Rails: Path Traversal on Default Installed Rails Application (Asset Pipeline)
2018-01-22 10:42:20
nuclei
nuclei
Ruby On Rails - Local File Inclusion
2020-04-05 18:01:09
nvd
nvd
CVE-2018-3760
2018-06-26 19:29:00
rubygems
rubygems
Path Traversal in Sprockets
2018-06-18 21:00:00
nessus
nessus
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-773)
2018-07-30 00:00:00
Debian DSA-4242-1 : ruby-sprockets - security update
2018-07-10 00:00:00
Fedora 27 : rubygem-sprockets (2018-fd29597fa4)
2018-07-24 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: rubygem-sprockets-3.7.2-1.fc27
2018-07-14 23:36:29
[SECURITY] Fedora 28 Update: rubygem-sprockets-3.7.2-1.fc28
2018-07-15 03:33:48
veracode
veracode
Directory Traversal
2018-06-20 08:36:16
Directory Traversal
2019-01-15 09:24:20
cvelist
cvelist
CVE-2018-3760
2018-06-26 19:00:00
redhat
redhat
(RHSA-2018:2244) Important: rh-ror42-rubygem-sprockets security update
2018-07-24 07:16:08
(RHSA-2018:2245) Important: rh-ror50-rubygem-sprockets security update
2018-07-24 07:16:12
(RHSA-2018:2745) Important: CloudForms 4.5.5 security, bug fix and enhancement update
2018-09-26 18:25:56
seebug
seebug
Ruby on Rails θ·―εΎ„η©ΏθΆŠδΈŽδ»»ζ„ζ–‡δ»Άθ―»ε–ζΌζ΄ž(CVE-2018-3760)εˆ†ζž
2018-08-08 00:00:00
redhatcve
redhatcve
CVE-2018-3760
2019-10-09 16:26:49
prion
prion
Information disclosure
2018-06-26 19:29:00
debiancve
debiancve
CVE-2018-3760
2018-06-26 19:29:00
github
github
Sprockets path traversal leads to information leak
2018-06-20 22:18:58

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.016

Percentile

87.7%

JSON
Related for CVE-2018-3760
suse2openvas8ubuntucve1debian3osv8hackerone1nuclei1nvd1rubygems1nessus8fedora2veracode2cvelist1redhat4seebug1redhatcve1prion1debiancve1github1