CVE-2020-8151
12.05.2020, 13:15
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rubyonrails | active_resource | 𝑥 < 5.1.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| rails |
| ||||||||||||||||||||||||||
| rails-4.0 |
| ||||||||||||||||||||||||||
| ruby-actionpack-3.2 |
| ||||||||||||||||||||||||||
| ruby-activemodel-3.2 |
| ||||||||||||||||||||||||||
| ruby-activerecord-3.2 |
| ||||||||||||||||||||||||||
| ruby-activesupport-3.2 |
| ||||||||||||||||||||||||||
| ruby-rails-3.2 |
|
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References