14 matches found
RHEL 7 : CloudForms 4.6.9 (RHSA-2019:0600)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0600 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...
Fedora Update for rubygem-activejob FEDORA-2019-d0af506401
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : rubygem-activejob-5_1 (openSUSE-2019-982)
This update for rubygem-activejob-51 fixes the following issues : Security issue fixed : - CVE-2018-16476: Fixed broken access control vulnerability bsc1117632. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...
Moderate: Red Hat Security Advisory: CloudForms 4.6.9 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Fedora 28 : rubygem-activejob (2019-31e6f6e545)
Fix information exposure through deserialization using GlobalId CVE-2018-16476. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
SUSE-SU-2019:0152-1 Security update for rubygem-activejob-4_2
This update for rubygem-activejob-42 fixes the following issues: Security issue fixed: - CVE-2018-16476: Fixed broken access control vulnerability bsc1117632...
SUSE SLED15 / SLES15 Security Update : rubygem-activejob-5_1 (SUSE-SU-2018:3996-1)
This update for rubygem-activejob-51 fixes the following issues : Security issue fixed : CVE-2018-16476: Fixed broken access control vulnerability bsc1117632. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
openSUSE: Security Advisory for rubygem-activejob-5_1 (openSUSE-SU-2018:4041-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : rubygem-activejob-5_1 (openSUSE-2018-1502)
This update for rubygem-activejob-51 fixes the following issues : Security issue fixed : - CVE-2018-16476: Fixed broken access control vulnerability bsc1117632. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...
SUSE-SU-2018:3996-1 Security update for rubygem-activejob-5_1
This update for rubygem-activejob-51 fixes the following issues: Security issue fixed: - CVE-2018-16476: Fixed broken access control vulnerability bsc1117632...
FreeBSD : Rails -- Active Job vulnerability (f96044a2-7df9-414b-9f6b-6e5b85d06c86)
Ruby on Rails blog : Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible CVE-2018-16476 Broken Access Control vulnerability in Active Job : Carefully crafted user input ca...
CVE-2018-16476
The CVE-2018-16476 issue affects Ruby on Rails’ Active Job integration via deserialization using GlobalId, exposing information due to a broken access control in Active Job (versions >= 4.2.0). Public sources note vulnerable components include rubygem-activejob and related Rails frameworks, wi...
Broken Access Control vulnerability in Active Job
There is a vulnerability in Active Job. This vulnerability has been assigned the CVE identifier CVE-2018-16476. Versions Affected: = 4.2.0 Not affected: 4.2.0 Fixed Versions: 4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1 Impact ------ Carefully crafted user input can cause Active Job to deserialize it using...
Rails -- Active Job vulnerability
Ruby on Rails blog: Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible CVE-2018-16476 Broken Access Control vulnerability in Active Job: Carefully crafted user input can...