Lucene search

K

CVE-2021-28680

πŸ—“οΈΒ 07 Dec 2021Β 21:08:15Reported byΒ mitreTypeΒ 
cve
Β cve
πŸ”—Β web.nvd.nist.govπŸ‘Β 52Β Views🌐 3Β Media mentions

The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used

Show more
Related
Detection
Refs
Social
ReporterTitlePublishedViews
Family
Prion
Code injection
7 Dec 202121:15
–prion
Cvelist
CVE-2021-28680
7 Dec 202120:32
–cvelist
CNVD
Alexandr Korsak Devise Masquerade has an unspecified vulnerability
8 Dec 202100:00
–cnvd
OSV
Improper Privilege Management in devise_masquerade
8 Dec 202119:55
–osv
OSV
CVE-2021-28680
7 Dec 202121:15
–osv
NVD
CVE-2021-28680
7 Dec 202121:15
–nvd
RubySec
Improper Privilege Management in devise_masquerade
7 Dec 202121:00
–rubygems
Github Security Blog
Improper Privilege Management in devise_masquerade
8 Dec 202119:55
–github
Veracode
Man-in-the-Middle (MitM)
8 Dec 202103:32
–veracode
Nvd

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
07 Dec 2021 21:15Current
8.0High risk
Vulners AI Score8.0
CVSS26.8
CVSS38.1
EPSS0.003
52
.json
Report