Lucene search
Redhat.comRH:CVE-2023-38037HistoryAug 31, 2023 - 12:12 p.m.
CVE-2023-38037
2023-08-3112:12:59
redhat.com
access.redhat.com
9
activesupport
rubygem
temporary file
information disclosure
umask
An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypted are written to a temporary file that has the user’s current umask settings, possibly leading to information disclosure by other users on the same system.
Mitigation
To work around this issue, users can set their umask to be more restrictive:
$ umask 0077
Related
github
github
Active Support Possibly Discloses Locally Encrypted Files
2023-08-23 20:36:24
cgr
cgr
CVE-2023-38037 vulnerabilities
2024-05-19 03:07:16
osv
osv
Active Support Possibly Discloses Locally Encrypted Files
2023-08-23 20:36:24
CGA-x3h9-rj6j-hmh9
2024-06-06 12:29:53
ruby3.3-rubygem-activesupport-7.0-7.0.8.4-1.1 on GA media
2024-06-24 00:00:00
gitlab
gitlab
Active Support Possibly Discloses Locally Encrypted Files
2023-08-23 00:00:00
veracode
veracode
Locally Encrypted File Disclosure
2023-08-25 03:54:47
openvas
openvas
openSUSE: Security Advisory for rubygem (openSUSE-SU-2023:0350)
2024-03-04 00:00:00
rubygems
rubygems
Possible File Disclosure of Locally Encrypted Files
2023-08-22 21:00:00
debiancve
debiancve
CVE-2023-38037
2023-08-23 09:26:34
nessus
nessus
openSUSE 15 Security Update : rubygem-activesupport-5.2 (openSUSE-SU-2023:0350-1)
2023-11-05 00:00:00
RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)
2024-06-03 00:00:00
ubuntucve
ubuntucve
CVE-2023-38037
2023-09-11 00:00:00
wolfi
wolfi
CVE-2023-38037 vulnerabilities
2024-09-21 03:21:11
redhat
redhat
(RHSA-2024:2010) Important: Satellite 6.15.0 release
2024-04-23 17:00:52
Related for RH:CVE-2023-38037