Back to bug 1131240
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2014-08-18 18:49:12 UTC | Blocks | 1131241 | |
| Kurt Seifried | 2014-08-18 23:29:51 UTC | Priority | medium | high |
| | | Whiteboard | impact=moderate,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ror40-rubygem-activerecord=affected,fedora-20/rubygem-activerecord=affected | impact=high,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ror40-rubygem-activerecord=affected,fedora-20/rubygem-activerecord=affected |
| | | Severity | medium | high |
| Murray McAllister | 2014-08-20 08:50:43 UTC | Whiteboard | impact=high,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ror40-rubygem-activerecord=affected,fedora-20/rubygem-activerecord=affected | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ror40-rubygem-activerecord=affected,fedora-20/rubygem-activerecord=affected |
| Murray McAllister | 2014-08-20 08:56:34 UTC | Whiteboard | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ror40-rubygem-activerecord=affected,fedora-20/rubygem-activerecord=affected | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ror40-rubygem-activerecord=affected,fedora-20/rubygem-activerecord=affected,fedora-19/rubygem-activerecord=new,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5/rubygem-activerecord=new,cfme-5/ruby193-rubygem-activerecord=new,openstack-4/ruby193-rubygem-activerecord=new,openshift-enterprise-1/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new |
| Murray McAllister | 2014-08-20 08:57:08 UTC | CC | abaron, aortega, apevec, ayoung, bdunne, bkearney, bleanhar, cbillett, ccoleman, chrisw, dajohnso, dallan, dclarizi, dmcphers, gkotton, gmccullo, jdetiber, jfrey, jialiu, jkeck, jokerman, jprause, jrafanie, JVLcek, katello-bugs, kseifried, lhh, lmeyer, lpeer, markmc, mburns, mmccomas, mmcgrath, obarenbo, pmyers, rbryant, rhos-maint, sclewis, tomckay, xlecauch, yeylon | |
| Dan Clarizio | 2014-08-20 13:57:22 UTC | CC | mpovolny | |
| Kurt Seifried | 2014-08-21 05:42:44 UTC | Whiteboard | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ror40-rubygem-activerecord=affected,fedora-20/rubygem-activerecord=affected,fedora-19/rubygem-activerecord=new,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5/rubygem-activerecord=new,cfme-5/ruby193-rubygem-activerecord=new,openstack-4/ruby193-rubygem-activerecord=new,openshift-enterprise-1/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ror40-rubygem-activerecord=affected,fedora-20/rubygem-activerecord=affected,fedora-19/rubygem-activerecord=new,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5/rubygem-activerecord=new,cfme-5/ruby193-rubygem-activerecord=new,openstack-4/ruby193-rubygem-activerecord=new,openshift-enterprise-1/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,fedora-19/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,rhscl-1.1.z/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,openshift-1/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected |
| Tomas Hoger | 2014-08-25 09:19:13 UTC | Fixed In Version | rubygem-activerecord 4.0.9, rubygem-activerecord 4.1.5 | |
| Tomas Hoger | 2014-08-25 09:24:09 UTC | Whiteboard | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ror40-rubygem-activerecord=affected,fedora-20/rubygem-activerecord=affected,fedora-19/rubygem-activerecord=new,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5/rubygem-activerecord=new,cfme-5/ruby193-rubygem-activerecord=new,openstack-4/ruby193-rubygem-activerecord=new,openshift-enterprise-1/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,fedora-19/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,rhscl-1.1.z/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,openshift-1/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected |
| Tomas Hoger | 2014-08-25 11:45:13 UTC | Depends On | 1133530 | |
| Tomas Hoger | 2014-08-25 11:45:18 UTC | Depends On | 1133531 | |
| Tomas Hoger | 2014-08-25 11:53:14 UTC | Whiteboard | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N,rhscl-1/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhscl-1/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected |
| Kurt Seifried | 2014-08-25 15:11:42 UTC | Depends On | 1133622 | |
| Martin Prpič | 2014-08-26 12:19:09 UTC | Doc Text | It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record called create_with with untrusted values. | |
| Chess Hazlett | 2014-08-27 14:47:37 UTC | Status | NEW | CLOSED |
| | | CC | chazlett | |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2014-08-27 10:47:37 UTC | |
| Ján Rusnačko | 2014-09-30 16:26:59 UTC | CC | jrusnack | |
| | | Whiteboard | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhscl-1/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhscl-1/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected,cwe=CWE-88 |
| Perry Myers | 2016-04-26 16:46:08 UTC | CC | pmyers | |
| Product Security DevOps Team | 2019-09-29 13:20:20 UTC | Whiteboard | impact=important,public=20140818,reported=20140818,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhscl-1/ruby193-rubygem-activerecord=notaffected,rhscl-1/ror40-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5/rubygem-activerecord=notaffected,cfme-5/ruby193-rubygem-activerecord=notaffected,openstack-4/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected,openshift-enterprise-1/ruby193-rubygem-activerecord=notaffected,fedora-19/rubygem-activerecord=notaffected,fedora-20/rubygem-activerecord=affected,cwe=CWE-88 | |