9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.7%
With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
All users running an affected release should either upgrade or use one of the workarounds immediately.
The 6.0.0.beta3 and 5.2.2.1 releases are available at the normal locations.
This issue can be mitigated by specifying a secret key in development mode.
In “config/environments/development.rb” add this:
config.secret_key_base = SecureRandom.hex(64)
Please note that only the 5.2.x, 5.1.x, 5.0.x, and 4.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.
Thanks to ooooooo_q
packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html
github.com/advisories/GHSA-m42h-mh85-4qgc
github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml
groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw
lists.fedoraproject.org/archives/list/[email protected]/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
nvd.nist.gov/vuln/detail/CVE-2019-5420
weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
www.exploit-db.com/exploits/46785/
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.7%