Back to bug 1301963
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-26 12:56:03 UTC | Depends On | 1301964 | |
| Adam Mariš | 2016-01-26 14:09:04 UTC | Blocks | 1302006 | |
| Adam Mariš | 2016-01-27 08:30:29 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,rhscl-2/rh-ror41-rubygem-rails=new,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/rh-ror41-rubygem-rails=new,fedora-all/rubygem-actionview=affected |
| Tomas Hoger | 2016-01-27 08:50:50 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/rh-ror41-rubygem-rails=new,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected |
| Tomas Hoger | 2016-01-27 08:50:57 UTC | CC | hhorak | |
| Ján Rusnačko | 2016-01-27 12:47:25 UTC | Priority | medium | high |
| Ján Rusnačko | 2016-01-27 12:47:25 UTC | CC | jrusnack | |
| Ján Rusnačko | 2016-01-27 12:47:25 UTC | Severity | medium | high |
| Ján Rusnačko | 2016-01-29 12:04:16 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected,sam-1/ruby193-rubygem-actionpack=affected |
| Ján Rusnačko | 2016-01-29 12:04:23 UTC | CC | bkearney, cbillett, katello-bugs, kseifried, tomckay | |
| Ján Rusnačko | 2016-01-29 12:36:04 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected,sam-1/ruby193-rubygem-actionpack=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionview=affected |
| Ján Rusnačko | 2016-01-29 12:36:22 UTC | CC | apatters, ccoleman, cpelland, dajohnso, dclarizi, dmcphers, gblomqui, gmccullo, gtanzill, jfrey, jhardy, jialiu, joelsmith, jokerman, jprause, jrafanie, lmeyer, mmccomas, obarenbo, roliveri, xlecauch | |
| Ján Rusnačko | 2016-01-29 12:38:44 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected |
| Ján Rusnačko | 2016-01-29 12:55:28 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected |
| Ján Rusnačko | 2016-01-29 14:03:17 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected |
| Ján Rusnačko | 2016-01-29 14:05:17 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected |
| Ján Rusnačko | 2016-01-29 14:13:16 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionview=new,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,fedora-all/rubygem-actionview=affected |
| Ján Rusnačko | 2016-01-29 15:03:50 UTC | Attachment #1119447 Attachment is patch | 0 | 1 |
| Ján Rusnačko | 2016-01-29 15:03:50 UTC | Attachment #1119447 Attachment mime type | application/mbox | text/plain |
| Ján Rusnačko | 2016-01-29 15:21:23 UTC | Doc Text | A flaw was found in a way Ruby on Rails included templates for rendering. If an application passes untrusted input to the `render` method, attacker could use this to render unexpected files or execute arbitrary code. | |
| Summer Long | 2016-02-01 01:09:09 UTC | CC | slong | |
| Summer Long | 2016-02-01 01:09:09 UTC | Doc Text | A flaw was found in a way Ruby on Rails included templates for rendering. If an application passes untrusted input to the `render` method, attacker could use this to render unexpected files or execute arbitrary code. | An information-leak vulnerability was found in the way Ruby on Rails included templates for rendering. If an application passed untrusted input to the `render` method, a remote, unauthenticated attacker could use this to render unexpected files or execute arbitrary code. |
| Tomas Hoger | 2016-02-05 13:41:17 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,sam-1/rubygem-actionpack=affected,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected |
| Tomas Hoger | 2016-02-05 13:53:44 UTC | Fixed In Version | rubygem-actionview 5.0.0.beta1.1, rubygem-actionview 4.2.5.1, rubygem-actionview 4.1.14.1, rubygem-actionview 3.2.22.1 | rubygem-actionview 5.0.0.beta1.1, rubygem-actionview 4.2.5.1, rubygem-actionview 4.1.14.1, rubygem-pack 3.2.22.1 |
| Tomas Hoger | 2016-02-05 13:53:44 UTC | Summary | CVE-2016-0752 rubygem-actionview: Possible Information Leak Vulnerability in Action View | CVE-2016-0752 rubygem-actionview, rubygem-actionpack: directory traversal flaw in Action View |
| Ján Rusnačko | 2016-02-10 12:43:43 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=affected,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected |
| Tomas Hoger | 2016-02-10 13:30:06 UTC | Depends On | 1306275 | |
| Tomas Hoger | 2016-02-10 13:30:13 UTC | Depends On | 1306276 | |
| Tomas Hoger | 2016-02-10 13:30:19 UTC | Depends On | 1306277 | |
| Tomas Hoger | 2016-02-10 13:30:27 UTC | Depends On | 1306278 | |
| Tomas Hoger | 2016-02-10 13:30:31 UTC | Depends On | 1306279 | |
| Tomas Hoger | 2016-02-10 13:30:41 UTC | Depends On | 1306281 | |
| Tomas Hoger | 2016-02-10 13:33:38 UTC | Depends On | 1306288 | |
| Tomas Hoger | 2016-02-10 13:33:45 UTC | Depends On | 1306289 | |
| Joe Rafaniello | 2016-02-10 15:54:47 UTC | CC | jrafanie | |
| Ján Rusnačko | 2016-02-11 12:16:27 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected |
| Martin Prpič | 2016-02-24 09:30:58 UTC | Doc Text | An information-leak vulnerability was found in the way Ruby on Rails included templates for rendering. If an application passed untrusted input to the `render` method, a remote, unauthenticated attacker could use this to render unexpected files or execute arbitrary code. | A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code. |
| Ján Rusnačko | 2016-03-04 15:10:01 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected,cwe=CWE-22 |
| Martin Prpič | 2016-03-14 12:37:19 UTC | Doc Text | A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code. | A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code. |
| Tomas Hoger | 2016-03-15 21:22:29 UTC | Status | NEW | CLOSED |
| Tomas Hoger | 2016-03-15 21:22:29 UTC | Resolution | --- | ERRATA |
| Tomas Hoger | 2016-03-15 21:22:29 UTC | Last Closed | 2016-03-15 17:22:29 UTC | |
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=important,public=20160125,reported=20160122,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected,cwe=CWE-22 | |
| Ondrej Soukup | 2021-06-02 06:40:41 UTC | CC | osoukup | |