Vulnerability Name:

CVE-2021-22885 (CCN-201280)

Assigned:2021-05-05
Published:2021-05-05
Updated:2022-04-06
Summary:A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-209
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2021-22885

Source: XF
Type: UNKNOWN
rubyonrails-cve202122885-info-disc(201280)

Source: MISC
Type: Exploit, Third Party Advisory
https://hackerone.com/reports/1106652

Source: CCN
Type: Ruby on Rails Web site
Ruby on Rails

Source: CCN
Type: oss-sec Mailing List, Wed, 5 May 2021 09:39:22 -0700
[CVE-2021-22885] Possible Information Disclosure / Unintended Method Execution in Action Pack

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210805-0009/

Source: DEBIAN
Type: Third Party Advisory
DSA-4929

Source: CCN
Type: IBM Security Bulletin 6469479 (License Metric Tool)
A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2021-22885).

Source: CCN
Type: IBM Security Bulletin 6475467 (Cloud Pak for Multicloud Management)
A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-22885

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rubyonrails:rails:*:*:*:*:*:*:*:* (Version >= 5.2.0.0 and < 5.2.4.6)
  • OR cpe:/a:rubyonrails:rails:*:*:*:*:*:*:*:* (Version >= 6.0.0.0 and < 6.0.3.7)
  • OR cpe:/a:rubyonrails:rails:*:*:*:*:*:*:*:* (Version >= 6.1.0.0 and < 6.1.3.1)

    • Configuration 2:
  • cpe:/a:rubyonrails:actionpack_page-caching:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:95247
    P
    		Security update for node_exporter (Important)
    2022-06-20
    oval:org.opensuse.security:def:6018
    P
    		Security update for SDL (Important)
    2022-04-22
    oval:org.opensuse.security:def:101960
    P
    		Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3) (Important)
    2022-04-14
    oval:org.opensuse.security:def:113370
    P
    		ruby2.7-rubygem-actionpack-5.2-5.2.6-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:113371
    P
    		ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106777
    P
    		ruby2.7-rubygem-actionpack-5.2-5.2.6-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:106778
    P
    		ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:96996
    P
    		apache2-mod_security2-2.9.2-1.34 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:111551
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-07-11
    oval:org.opensuse.security:def:96169
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:8383
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:108626
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:98824
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:67107
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:8252
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:118621
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:75856
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:109525
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:91874
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:8318
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:76175
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:5699
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:102859
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:8359
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:66788
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:111405
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:102285
    P
    		Security update for rubygem-actionpack-5_1 (Important)
    2021-05-26
    oval:org.opensuse.security:def:81074
    P
    		Security update for rubygem-actionpack-4_2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:84600
    P
    		Security update for rubygem-actionpack-4_2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:88431
    P
    		Security update for rubygem-actionpack-4_2 (Important)
    2021-05-19
    BACK
    rubyonrails rails *
    rubyonrails rails *
    rubyonrails rails *
    rubyonrails actionpack page-caching -
    debian debian linux 10.0
    ibm license metric tool 9.2