CVE-2019-5418

Description

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 94.32%• Percentile: 100%

Techniques & Countermeasures

• CWE-22•Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Affected Systems

• debian•debian_linux

  8.0

• fedoraproject•fedora

  30

• opensuse•leap

  15.0

• rails•https://github.com/rails/rails

  5.2.2.1 | 5.1.6.2 | 5.0.7.2 | 4.2.11.1

• redhat•cloudforms

  4.7 | 4.6

• redhat•software_collections

  1.0

• rubyonrails•rails

  ≥ 3.0.0, < 4.2.11.1 | ≥ 5.0.0, < 5.0.7.2 | ≥ 5.1.0, < 5.1.6.2 | ≥ 5.2.0, < 5.2.2.1

References (14)

• https://www.exploit-db.com/exploits/46585/
• http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
• http://www.openwall.com/lists/oss-security/2019/03/22/1
• https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
• https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q
• https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
• https://access.redhat.com/errata/RHSA-2019:0796
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
• https://access.redhat.com/errata/RHSA-2019:1149
• https://access.redhat.com/errata/RHSA-2019:1147
• https://access.redhat.com/errata/RHSA-2019:1289
• https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418