Authentication Bypass in Devise

🗓️ 11 Sep 2019 23:57:06Reported by GitHub Advisory DatabaseType

Issue in Plataformatec Devise confirming accounts with blank confirmation token colum

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
NVD	CVE-2019-16109	8 Sep 201920:15	–	nvd
UbuntuCve	CVE-2019-16109	8 Sep 201900:00	–	ubuntucve
OSV	Authentication Bypass in Devise	11 Sep 201923:06	–	osv
OSV	CVE-2019-16109	8 Sep 201920:15	–	osv
Prion	Cross site request forgery (csrf)	8 Sep 201920:15	–	prion
RubySec	Devise Gem for Ruby confirmation token validation with a blank string	7 Sep 201921:00	–	rubygems
Cvelist	CVE-2019-16109	8 Sep 201919:57	–	cvelist
CVE	CVE-2019-16109	8 Sep 201920:15	–	cve
Veracode	Insecure Account Confirmation Mechanism	9 Sep 201908:27	–	veracode

Vulners

Node

plataformatec deviseRange<4.7.1

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-16109
github	www.github.com/plataformatec/devise/compare/v4.7.0...v4.7.1
github	www.github.com/plataformatec/devise/issues/5071
github	www.github.com/plataformatec/devise/pull/5132
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/CVE-2019-16109.yml
github	www.github.com/advisories/GHSA-fcjw-8rhj-gwwc

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Sep 2019 23:06Current

1.5Low risk

Vulners AI Score1.5

CVSS25

CVSS35.3

EPSS0.00297

CWE-284