Lucene search
GoogleOSV:GHSA-8JHX-9GF4-HHF5HistorySep 27, 2019 - 8:01 p.m.
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly
2019-09-2720:01:00
Google
osv.dev
6
0.006 Low
EPSS
Percentile
79.3%
With the consul ruby gem before 1.0.3, if a controller checks multiple powers using :if or :except conditions, these conditions are erroneously applied to all power checks in that controller. This can lead to skipped power checks and hence unauthenticated access to certain controller actions.
References
github.com/makandra/consul
github.com/makandra/consul/issues/49
github.com/rubysec/ruby-advisory-db/blob/c26fbc13435b8be448ad59131428538049d165e4/gems/consul/CVE-2019-16377.yml
github.com/rubysec/ruby-advisory-db/blob/master/gems/consul/CVE-2019-16377.yml
nvd.nist.gov/vuln/detail/CVE-2019-16377
rubygems.org/gems/consul
Related
prion
prion
Improper access control
2019-09-23 16:15:00
cve
cve
CVE-2019-16377
2019-09-23 16:15:15
osv
osv
CVE-2019-16377
2019-09-23 16:15:15
cvelist
cvelist
CVE-2019-16377
2019-09-23 15:08:39
github
github
nvd
nvd
CVE-2019-16377
2019-09-23 16:15:15
veracode
veracode
Authentication Bypass
2019-09-24 00:51:38