Authorization Bypass

2019-05-0204:53:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

ruby is vulnerable to authorization bypass. A flaw was found in the method for translating an exception message into a string in the Ruby Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent.

CPENameOperatorVersion
openshift-origin-cartridge-ruby-1.8eq1.0.5__1.el6op
openshift-origin-cartridge-ruby-1.8eq1.0.4__1.el6op
rubygem-openshift-origin-auth-remote-usereq1.0.3__1.el6op
rubygem-openshift-origin-auth-remote-usereq1.0.4__2.el6op
ruby193-rubygem-activemodeleq3.2.8__1.el6
openshift-origin-cartridge-mysql-5.1eq1.0.4__1.el6op
ruby193-rubygem-actionpackeq3.2.8__1.el6
ruby193-rubygem-actionpackeq3.2.8__2.el6
openshift-origin-brokereq1.0.10__1.el6op
openshift-origin-brokereq1.0.1__1.el6op

Name	Operator	Version
openshift-origin-cartridge-ruby-1.8	eq	1.0.5__1.el6op
openshift-origin-cartridge-ruby-1.8	eq	1.0.4__1.el6op
rubygem-openshift-origin-auth-remote-user	eq	1.0.3__1.el6op
rubygem-openshift-origin-auth-remote-user	eq	1.0.4__2.el6op
ruby193-rubygem-activemodel	eq	3.2.8__1.el6
openshift-origin-cartridge-mysql-5.1	eq	1.0.4__1.el6op
ruby193-rubygem-actionpack	eq	3.2.8__1.el6
ruby193-rubygem-actionpack	eq	3.2.8__2.el6
openshift-origin-broker	eq	1.0.10__1.el6op
openshift-origin-broker	eq	1.0.1__1.el6op