RubySecRUBY:ADMINISTRATE-2020-5257Sort order SQL injection via `direction` parameter in administrate
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
In Administrate (rubygem) before version 0.13.0, when sorting by attributes
on a dashboard, the direction parameter was not validated before being
interpolated into the SQL query.
This could present a SQL injection if the attacker were able to modify the
direction parameter and bypass ActiveRecord SQL protections.
Whilst this does have a high-impact, to exploit this you need access to the
Administrate dashboards, which should generally be behind authentication.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ruby | administrate | * | cpe:2.3:a:ruby:administrate:*:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N