GitHub_MVULNRICHMENT:CVE-2024-26144CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:rails:rails:*:*:*:*:*:*:*:*"
],
"vendor": "rails",
"product": "rails",
"versions": [
{
"status": "affected",
"version": "5.2.0",
"lessThan": "7.1.0",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]References
discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433
github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3
github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml
security.netapp.com/advisory/ntap-20240510-0013/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial