6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.8%
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.
Versions Affected: rails <= 6.0.3
Not affected: Applications which don’t use rails-ujs.
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1
This is a regression of CVE-2015-1840.
In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to a cross-origin URL, and the CSRF token will be sent.
To work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.
For example, code like this:
link_to params
to code like this:
link_to filtered_params
def filtered_params
# Filter just the parameters that you trust
end
CPE | Name | Operator | Version |
---|---|---|---|
actionview | le | 6.0.3 | |
actionview | le | 5.2.4.2 |
github.com/advisories/GHSA-xq5j-gw7f-jgj8
github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml
groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
hackerone.com/reports/189878
nvd.nist.gov/vuln/detail/CVE-2020-8167
www.debian.org/security/2020/dsa-4766
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.8%