Ubuntu.comUB:CVE-2024-32978CVE-2024-32978
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Kaminari is a paginator for web app frameworks and object relational
mappings. A security vulnerability involving insecure file permissions has
been identified in the Kaminari pagination library for Ruby on Rails,
concerning insecure file permissions. This vulnerability is of moderate
severity due to the potential for unauthorized write access to particular
Ruby files managed by the library. Such access could lead to the alteration
of application behavior or data integrity issues. Users of affected
versions are advised to update to Kaminari version 1.2.2 or later, where
file permissions have been adjusted to enhance security. If upgrading is
not feasible immediately, review and adjust the file permissions for
particular Ruby files in Kaminari to ensure they are only accessible by
authorized user.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | ruby-kaminari | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | ruby-kaminari | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | ruby-kaminari | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | ruby-kaminari | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | ruby-kaminari | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | ruby-kaminari | < any | UNKNOWN |
Related
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%