Lucene search

Veracode Vulnerability DatabaseVERACODE:47231

HistoryMay 29, 2024 - 6:38 a.m.

Incorrect Default Permissions

2024-05-2906:38:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

kaminari

vulnerability

file permissions

unauthorized access

ruby files

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

kaminari is vulnerable to Incorrect Default Permissions. The vulnerability is due to improperly set file permissions that allow unauthorized write access to specific Ruby files managed by the library.

CPENameOperatorVersion
kaminarile0.16.1
kaminarile0.16.1

CPE	Name	Operator	Version
	kaminari	le	0.16.1
	kaminari	le	0.16.1

References

github.com/kaminari/kaminari/security/advisories/GHSA-7r3j-qmr4-jfpj

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47231