Vulnerability CVE-2020-8264

Vulnerability Name:

CVE-2020-8264 (CCN-194324)

Assigned:

2020-12-23

Published:

2020-12-23

Updated:

2021-01-12

Summary:

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-8264

Source: XF
Type: UNKNOWN
actionpack-cve20208264-open-redirect(194324)

Source: CCN
Type: rails GIT Repository
Only allow ActionableErrors if show_detailed_exceptions is enabled

Source: MISC
Type: Mailing List, Third Party Advisory
https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ

Source: CCN
Type: Hackerone #904059
Open Redirect

Source: MISC
Type: Exploit, Patch, Third Party Advisory
https://hackerone.com/reports/904059

Vulnerable Configuration:

Configuration 1:

cpe:/a:rubyonrails:rails:*:*:*:*:*:*:*:* (Version >= 6.0.0 and < 6.0.3.4)

Configuration CCN 1:

cpe:/a:rubyonrails:rails:6.0.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:113380	P	ruby2.7-rubygem-activerecord-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113367	P	ruby2.7-rubygem-actionmailbox-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113406	P	ruby2.7-rubygem-railties-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113374	P	ruby2.7-rubygem-actionview-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113382	P	ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113369	P	ruby2.7-rubygem-actionmailer-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113376	P	ruby2.7-rubygem-activejob-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113384	P	ruby2.7-rubygem-activesupport-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113371	P	ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113378	P	ruby2.7-rubygem-activemodel-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113366	P	ruby2.7-rubygem-actioncable-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113403	P	ruby2.7-rubygem-rails-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113372	P	ruby2.7-rubygem-actiontext-6.0-6.0.4-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106785	P	ruby2.7-rubygem-activemodel-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106773	P	ruby2.7-rubygem-actioncable-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106808	P	ruby2.7-rubygem-rails-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106779	P	ruby2.7-rubygem-actiontext-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106787	P	ruby2.7-rubygem-activerecord-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106774	P	ruby2.7-rubygem-actionmailbox-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106811	P	ruby2.7-rubygem-railties-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106781	P	ruby2.7-rubygem-actionview-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106789	P	ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106776	P	ruby2.7-rubygem-actionmailer-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106783	P	ruby2.7-rubygem-activejob-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106791	P	ruby2.7-rubygem-activesupport-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106778	P	ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 on GA media (Moderate)	2021-10-01

BACK