The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used
Reporter | Title | Published | Family |
---|---|---|---|
Prion | Code injection | 7 Dec 2021 21:15 | prion |
Cvelist | CVE-2021-28680 | 7 Dec 2021 20:32 | cvelist |
CNVD | Alexandr Korsak Devise Masquerade has an unspecified vulnerability | 8 Dec 2021 00:00 | cnvd |
OSV | Improper Privilege Management in devise_masquerade | 8 Dec 2021 19:55 | osv |
OSV | CVE-2021-28680 | 7 Dec 2021 21:15 | osv |
NVD | CVE-2021-28680 | 7 Dec 2021 21:15 | nvd |
RubySec | Improper Privilege Management in devise_masquerade | 7 Dec 2021 21:00 | rubygems |
Github Security Blog | Improper Privilege Management in devise_masquerade | 8 Dec 2021 19:55 | github |
Veracode | Man-in-the-Middle (MitM) | 8 Dec 2021 03:32 | veracode |