Sensitive Information Disclosure

2023-12-1808:42:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

activeadmin

vulnerability

sensitive information disclosure

concurrency issue

export data

private data

attacker

software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

37.2%

JSON

activeadmin is vulnerable to Sensitive Information Disclosure. The vulnerability is caused due to a concurrency issue wherein a malicious user is able to access private data of another user. The export data feature is affected, caused by a variable holding collection to be exported which is not properly synchronized . An attacker can view potential sensitive information of another user by exploiting this vulnerability.