Authorization Bypass

2019-05-0204:53:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

ruby is vulnerable to authorization bypass. A remote attacker can bypass safe-level restrictions and use Exception#to_s to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified.

CPENameOperatorVersion
ruby193-rubygem-actionpackeq3.2.8__1.el6
ruby193-rubygem-actionpackeq3.2.8__2.el6
openshift-origin-cartridge-perl-5.10eq1.0.2__1.el6op
ruby193-rubygem-railtieseq3.2.8__1.el6
openshift-origin-cartridge-ruby-1.8eq1.0.5__1.el6op
openshift-origin-cartridge-ruby-1.8eq1.0.4__1.el6op
openshift-origin-cartridge-jenkins-1.4eq1.0.1__1.el6op
openshift-origin-cartridge-diy-0.1eq1.0.2__1.el6op
phpeq5.3.3__3.el6_2.5
phpeq5.3.3__3.el6_1.3

Name	Operator	Version
ruby193-rubygem-actionpack	eq	3.2.8__1.el6
ruby193-rubygem-actionpack	eq	3.2.8__2.el6
openshift-origin-cartridge-perl-5.10	eq	1.0.2__1.el6op
ruby193-rubygem-railties	eq	3.2.8__1.el6
openshift-origin-cartridge-ruby-1.8	eq	1.0.5__1.el6op
openshift-origin-cartridge-ruby-1.8	eq	1.0.4__1.el6op
openshift-origin-cartridge-jenkins-1.4	eq	1.0.1__1.el6op
openshift-origin-cartridge-diy-0.1	eq	1.0.2__1.el6op
php	eq	5.3.3__3.el6_2.5
php	eq	5.3.3__3.el6_1.3