CVE-2017-18076

EUVD-2018-0158
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
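The description above comes down to one line in the request phase: which parameter set gets stashed in the session for the callback phase to read back. The following is an added illustration written for this page, not code from OmniAuth or Rack. It uses a stdlib-only stand-in (FakeRequest, with get_params / post_params / params playing the roles of Rack::Request#GET, #POST and #params) and two hypothetical request-phase functions, one storing every parameter and one storing only the query string, so the leak of a POST-only field such as the Rails authenticity_token into the callback env can be observed directly. The session and env key 'omniauth.params' is the one OmniAuth uses for this hand-off; everything else is constructed sample data.

```ruby
require 'uri'

# Added example: a stdlib-only stand-in for a Rack request, just enough to show
# the difference between query-string params, form-body params and the merged
# set. Names here are illustrative, not OmniAuth's or Rack's own code.
class FakeRequest
  def initialize(query_string:, body:)
    @query_string = query_string
    @body = body
  end

  # Query-string params only (the role Rack::Request#GET plays).
  def get_params
    URI.decode_www_form(@query_string).to_h
  end

  # Form-body params only (the role Rack::Request#POST plays).
  def post_params
    URI.decode_www_form(@body).to_h
  end

  # GET merged with POST (the role Rack::Request#params plays).
  def params
    get_params.merge(post_params)
  end
end

# Request phase, vulnerable pattern: every parameter of the request, including
# the POST body that carries the Rails authenticity_token, is written to the
# session under the key the callback phase later reads.
def vulnerable_request_phase(request, session)
  session['omniauth.params'] = request.params
end

# Request phase, hardened pattern: only the query-string parameters are kept,
# so a POST-only field such as authenticity_token never reaches the session.
def hardened_request_phase(request, session)
  session['omniauth.params'] = request.get_params
end

# Callback phase: whatever the request phase stashed is copied into the Rack
# env, where the strategy and the downstream application can read it.
def callback_phase(session, env = {})
  env['omniauth.params'] = session.delete('omniauth.params') || {}
  env
end

# Constructed sample: a POST to the request-phase endpoint with a return-to
# path in the query string and a Rails form body carrying the CSRF token.
SAMPLE_REQUEST = FakeRequest.new(
  query_string: 'origin=%2Fdashboard',
  body: 'authenticity_token=CSRF-TOKEN-EXAMPLE&commit=Sign+in'
)

# Runs one request phase followed by the callback phase and returns what the
# callback env sees under omniauth.params.
def callback_params_for(request_phase)
  session = {}
  send(request_phase, SAMPLE_REQUEST, session)
  callback_phase(session)['omniauth.params']
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{callback_params_for(:vulnerable_request_phase).inspect}"
  puts "hardened:   #{callback_params_for(:hardened_request_phase).inspect}"
end
```

With the vulnerable variant the callback env carries authenticity_token and commit alongside origin; with the hardened variant it carries origin only, which is what the callback phase legitimately needs. When checking an application, confirm the resolved omniauth version in Gemfile.lock (or the distribution package version in the tables below) rather than the constraint in the Gemfile.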
CVSS 3.x Base Score
Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  7.5 HIGH    NETWORK      LOW              NONE            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Percentile: 62%
Affected Products (NVD)
Vendor    Product       Version   Vulnerable
omniauth  omniauth      < 1.3.2   𝑥
debian    debian_linux  8.0       𝑥
debian    debian_linux  9.0       𝑥
𝑥 = vulnerable software versions
Debian Releases (Debian product: ruby-omniauth)
Codename  Version  Status
bookworm  2.1.1-1  fixed
bullseye  1.9.1-1  fixed
sid       2.1.1-1  fixed
trixie    2.1.1-1  fixed
Ubuntu Releases (Ubuntu product: ruby-omniauth)
Codename  Status        Fixed version
artful    released      1.3.1-1+deb9u1build0.17.10.1
bionic    not-affected
cosmic    not-affected
disco     not-affected
trusty    dne
xenial    released      1.3.1-1+deb9u1build0.16.04.1
dne = the package does not exist in that release