CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
kaminari versions prior to 0.16.2 are vulnerable to an Insecure File
Permissions vulnerability, where certain files within the kaminari gem have
insecure file permissions.
Versions Affected: < 0.16.2
Fixed Versions: >= 0.16.2
An attacker with local access could write arbitrary code to the affected files
resulting in arbitrary code execution.
The fixed releases are available at the normal locations.
Manually set the permissions of the affected files to 644.
lib/kaminari/models/page_scope_methods.rb
spec/models/mongo_mapper/mongo_mapper_spec.rb
spec/models/mongoid/mongoid_spec.rb
spec/models/active_record/scopes_spec.rb
gemfiles/data_mapper_12.gemfile
gemfiles/active_record_32.gemfile
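
An added example (not code from the advisory or from the kaminari project) that audits an installed gem directory for files writable by group or other and applies the 644 workaround described above. The helper names and the 0666 mode in the constructed sample tree are assumptions.

```ruby
require 'find'
require 'fileutils'
require 'tmpdir'

# Mode bits that let group or other write to a file.
LOOSE_WRITE_BITS = 0o022

# List regular files under gem_dir that group or other can write to.
# Returns sorted [relative_path, octal_mode] pairs.
def loose_files(gem_dir)
  found = []
  Find.find(gem_dir) do |path|
    st = File.lstat(path)
    next unless st.file? # skip directories and symlinks
    mode = st.mode & 0o7777
    next if (mode & LOOSE_WRITE_BITS).zero?
    found << [path.delete_prefix("#{gem_dir}/"), format('%04o', mode)]
  end
  found.sort
end

# Apply the advisory's workaround (mode 644) to every file reported above.
def fix_loose_files(gem_dir)
  loose_files(gem_dir).each { |rel, _| File.chmod(0o644, File.join(gem_dir, rel)) }
end

# Constructed sample tree for trying the audit offline; 0666 is an assumed mode.
def build_sample_tree(root)
  { 'lib/kaminari/models/page_scope_methods.rb' => 0o666,
    'gemfiles/active_record_32.gemfile' => 0o644 }.each do |rel, mode|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, "# constructed sample\n")
    File.chmod(mode, path)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Audit every installed kaminari; pass --fix to reset loose files to 644.
  Gem::Specification.find_all_by_name('kaminari').each do |spec|
    dir = spec.full_gem_path
    loose_files(dir).each { |rel, mode| puts "#{spec.version} #{mode} #{rel}" }
    fix_loose_files(dir) if ARGV.include?('--fix')
  end
end
```

Run without arguments it only reports; the reset to 644 happens only with `--fix`, and it needs write access to the gem directory.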