Lucene search

K
gitlabHttps://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-7B94EA7F052DEFEE3E0ACBB3665B37B3
HistoryFeb 12, 2013 - 12:00 a.m.

Circumvention of attr_protected

2013-02-1200:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
14

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

The attr_protected method allows developers to exclude model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

Related for GITLAB-7B94EA7F052DEFEE3E0ACBB3665B37B3