Vulnerability CVE-2020-8163

Vulnerability Name:

CVE-2020-8163 (CCN-184567)

Assigned:

2020-05-16

Published:

2020-05-16

Updated:

2022-05-24

Summary:

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-94

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-8163

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html

Source: XF
Type: UNKNOWN
rails-cve20208163-code-exec(184567)

Source: CCN
Type: Google Web site
[CVE-2020-8163] Potential remote code execution of user-provided local names in Rails < 5.0.1

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0

Source: MISC
Type: Permissions Required, Third Party Advisory
https://hackerone.com/reports/304805

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update

Source: CCN
Type: Packet Storm Security [07-27-2020]
Ruby On Rails 5.0.1 Remote Code Execution

Source: CCN
Type: Ruby on Rails Web site
Ruby on Rails

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-26-2020]

Source: CCN
Type: IBM Security Bulletin 6250723 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Rails

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-8163

Vulnerable Configuration:

Configuration 1:

cpe:/a:rubyonrails:rails:*:*:*:*:*:*:*:* (Version < 5.0.1)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.1.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20208163	V	CVE-2020-8163	2022-05-22
oval:org.opensuse.security:def:55243	P	Security update for Mesa (Moderate)	2021-09-16
oval:org.opensuse.security:def:56066	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:58001	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:63373	P	sblim-sfcb-1.4.9-5.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63465	P	dia-0.97.3-4.3.3 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63412	P	apache-commons-beanutils-1.9.4-1.68 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63515	P	python2-ovs-2.11.5-3.15.3 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63043	P	rpm-build-4.14.1-29.46 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62180	P	libmspack-devel-0.6-3.8.19 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:55221	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:55220	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:59505	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:59758	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:63549	P	libproxy1-config-gnome3-0.4.15-2.42 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:55900	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:57442	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:60248	P	Security update for python36 (Moderate)	2021-05-04
oval:org.opensuse.security:def:57893	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:58093	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:57163	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:56925	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:62722	P	typelib-1_0-JavaScriptCore-4_0-2.28.2-1.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61711	P	c-ares-devel-1.15.0+20200117-3.5.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61712	P	cairo-devel-1.16.0-1.55 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63174	P	openssh-fips-7.6p1-7.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61735	P	emacs-25.3-3.3.18 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63277	P	libmariadbd-devel-10.4.13-1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61906	P	libwebp7-1.0.3-1.62 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62376	P	docker-19.03.5_ce-6.31.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62508	P	bubblewrap-0.3.1-4.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:55794	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:56744	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:58167	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:59325	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:60666	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:58236	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:58205	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:59347	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:60763	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:61005	P	Security update for rubygem-actionview-4_2 (Important)	2020-12-01
oval:org.opensuse.security:def:57336	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:58286	P	Security update for nodejs6 (Critical)	2020-12-01
oval:org.opensuse.security:def:60847	P	Security update for grafana, kafka, logstash, openstack-monasca-installer (Moderate)	2020-12-01
oval:org.opensuse.security:def:56351	P	Security update for libsndfile (Moderate)	2020-12-01
oval:org.opensuse.security:def:60926	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:60885	P	Security update for perl (Important)	2020-12-01
oval:org.opensuse.security:def:56459	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:57608	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:59941	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:60976	P	Security update for perl (Important)	2020-12-01
oval:org.opensuse.security:def:56551	P	Security update for libsndfile (Moderate)	2020-12-01
oval:org.opensuse.security:def:56762	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:60059	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:55383	P	shadow on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56625	P	Security update for libssh (Important)	2020-12-01
oval:org.opensuse.security:def:56763	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:55621	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:56663	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:56785	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:59324	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:60548	P	supportutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:58310	P	Security update for rubygem-actionview-4_2 (Important)	2020-12-01
oval:org.opensuse.security:def:84458	P	Security update for rubygem-actionview-4_2 (Important)	2020-08-06
oval:org.opensuse.security:def:88320	P	Security update for rubygem-actionview-4_2 (Important)	2020-08-06
oval:org.opensuse.security:def:80945	P	Security update for rubygem-actionview-4_2 (Important)	2020-08-06

BACK