10 matches found
CVE-2023-38037
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...
Low: Red Hat Security Advisory: Logging Subsystem 5.7.10 - Red Hat OpenShift security update
Low: Logging Subsystem 5.7.10 - Red Hat OpenShift security update Red Hat Product Security has rated this update as having a security impact of low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
Rails Security Vulnerabilities
Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. A security vulnerability exists in Rails that stems from the possible disclosure of locally encrypted files...
Low: Red Hat Security Advisory: Logging Subsystem 5.8.1- Red Hat OpenShift security update
An update is now available for RHOL-5.8-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...
OPENSUSE-SU-2023:0350-1 Security update for rubygem-activesupport-5.2
This update for rubygem-activesupport-5.2 fixes the following issue: - CVE-2023-38037: fixed a File Disclosure of Locally Encrypted Files bsc1214807...
Locally Encrypted File Disclosure
ActiveSupport is vulnerable to Locally Encrypted File Disclosure. The vulnerability exists because the library's temporary file's permissions default to the user's current umask settings, which allows an attacker on the same system to read the contents of the temporary file before it gets encrypt...
GHSA-CR5Q-6Q9F-RQ6Q Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...
Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...
Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...
Possible File Disclosure of Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...