Lucene search

Veracode Vulnerability DatabaseVERACODE:45674

HistoryFeb 28, 2024 - 9:45 a.m.

Session Token Disclosure

2024-02-2809:45:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

activestorage

sensitive information disclosure

set-cookie

rails

proxy

session disclosure

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

activestorage is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Set-Cookie header getting cached when serving blobs if Rails is behind a proxy. Certain proxies may cache the Set-Cookie header, which can result in a users session being disclosed to another user.

CPENameOperatorVersion
activestoragele7.0.8
activestoragele6.1.7.6
activestoragele7.0.8
activestoragele6.1.7.6

Name	Operator	Version
activestorage	le	7.0.8
activestorage	le	6.1.7.6
activestorage	le	7.0.8
activestorage	le	6.1.7.6

References

discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945

github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433

github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3

github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g

github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml

security.netapp.com/advisory/ntap-20240510-0013/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for VERACODE:45674