CVE-2015-8314

EUVD-2023-0374
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
heartcombodevise
𝑥
< 3.5.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-devise
bookworm
4.8.1-1
fixed
bullseye
4.7.3-2
fixed
sid
4.9.3-1
fixed
trixie
4.9.3-1
fixed
Common Weakness Enumeration
References
https://github.com/advisories/GHSA-746g-3gfp-hfhw
https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24
https://rubysec.com/advisories/CVE-2015-8314/
https://github.com/advisories/GHSA-746g-3gfp-hfhw
https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24
https://rubysec.com/advisories/CVE-2015-8314/