Lucene search
K

4 matches found

NVD
NVD
added 2019/04/26 3:29 p.m.21 views

CVE-2015-9284

The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...

8.8CVSS8.7AI score0.01573EPSS
Exploits0References4
CVE
CVE
added 2019/04/26 2:3 p.m.91 views

CVE-2015-9284

CVE-2015-9284 describes a CSRF vulnerability in the OAuth/OmniAuth request phase for the Ruby gem (1.9.1 and earlier) used with Rails. The issue allows a malicious actor to connect a secondary account without user intent, enabling sign-in as the user’s primary account. Affected component: OmniAut...

8.8CVSS8.5AI score0.01573EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2019/04/26 2:3 p.m.24 views

CVE-2015-9284

The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...

8.6AI score0.01573EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2019/04/26 2:3 p.m.15 views

CVE-2015-9284

The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...

8.8CVSS8.7AI score0.01573EPSS
Exploits0
Rows per page
Query Builder