Bug 1689159 (CVE-2019-5418)
| Summary: | CVE-2019-5418 rubygem-actionpack: render file directory traversal in Action View | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | dajohnso, dmetzger, gblomqui, gmccullo, gtanzill, hhorak, jaruga, jfrey, jhardy, jorton, jprause, kdixon, obarenbo, pvalena, roliveri, ruby-maint, ruby-packagers-sig, simaishi, strzibny |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | rubygem-actionview 6.0.0.beta3, rubygem-actionview 5.2.2.1, rubygem-actionview 5.1.6.2, rubygem-actionview 5.0.7.2, rubygem-actionview 4.2.11.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | A content disclosure flaw was found in rubygem-actionview. Specially crafted Accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain access to the proper files. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-05-13 09:43:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1689161, 1690394, 1690397, 1690399, 1690401, 1695968, 1695969, 1695970, 1695971 | | |
| Bug Blocks: | 1689162 | | |
Description
Andrej Nemec
2019-03-15 10:28:45 UTC
Created rubygem-actionview tracking bugs for this issue:

Affects: fedora-all [bug 1689161]

References:
https://seclists.org/oss-sec/2019/q1/178

Note the patch to fix this issue is the same as for CVE-2019-5419.

Upstream commit:
4.2 https://github.com/rails/rails/commit/58ed245e80a8710fbe31e91417bfd19f9f934cc4
5.0 https://github.com/rails/rails/commit/c79dcbce9bfd20fe7f72ca431c49965ee39bd645
5.1 https://github.com/rails/rails/commit/92c025d7f17ff256ac50f5e3bc014bb1a016d1ec
5.2 https://github.com/rails/rails/commit/d7fac9c09a535ec7f11bb9aa8addb4af37b7d4b5

Statement:
This issue did affect the versions of rh-ror42-rubygem-actionpack and rh-ror50-rubygem-actionpack as shipped with Red Hat Software Collections.

This issue has been addressed in the following products:
CloudForms Management Engine 5.10
Via RHSA-2019:0796 https://access.redhat.com/errata/RHSA-2019:0796

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Via RHSA-2019:1147 https://access.redhat.com/errata/RHSA-2019:1147

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Via RHSA-2019:1149 https://access.redhat.com/errata/RHSA-2019:1149

This issue has been addressed in the following products:
CloudForms Management Engine 5.9
Via RHSA-2019:1289 https://access.redhat.com/errata/RHSA-2019:1289
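As an added illustration (not Rails code and not part of this bug report), a stand-alone Ruby sketch of the defensive rule the Doc Text implies and the fixed versions enforce: a format derived from the Accept header is only usable when it is a single registered format token, and the resolved template path must stay below the view root. The names REGISTERED_FORMATS, MIME_TO_FORMAT, safe_format?, formats_from_accept and resolve_template are assumptions of this example.

```ruby
# Added example, not Rails code and not from this bug report. Sketches the
# defensive rule behind the fixed versions: a format derived from the Accept
# header may only be used if it is a single registered format token, and the
# resolved template path must stay below the view root.
require "pathname"

# Assumed sample of registered formats; Rails takes its list from Mime::Type.
REGISTERED_FORMATS = %w[html json xml text].freeze

# Assumed MIME-to-format mapping for the Accept header parser below.
MIME_TO_FORMAT = {
  "text/html"        => "html",
  "application/json" => "json",
  "application/xml"  => "xml",
  "text/plain"       => "text",
}.freeze

# True only for a bare lowercase alphanumeric token that is actually
# registered, so separators, dots, braces and glob characters never reach a
# file path.
def safe_format?(fmt)
  fmt.is_a?(String) && fmt.match?(/\A[a-z0-9]+\z/) && REGISTERED_FORMATS.include?(fmt)
end

# Parse an Accept header into usable formats, dropping anything unregistered
# (wildcards included) and anything that is not a MIME type at all.
def formats_from_accept(header)
  header.to_s.split(",").map do |entry|
    mime = entry.strip.split(";").first.to_s.downcase
    fmt = MIME_TO_FORMAT[mime]
    fmt if fmt && safe_format?(fmt)
  end.compact
end

# Build the template path for +name+ and +fmt+ under +root+, refusing an
# unregistered format or a result that escapes +root+ after normalisation.
def resolve_template(root, name, fmt)
  raise ArgumentError, "unregistered format #{fmt.inspect}" unless safe_format?(fmt)
  root = Pathname.new(root).expand_path
  candidate = (root + "#{name}.#{fmt}.erb").expand_path
  unless candidate.to_s.start_with?(root.to_s + File::SEPARATOR)
    raise ArgumentError, "template #{candidate} escapes #{root}"
  end
  candidate.to_s
end

if $PROGRAM_NAME == __FILE__
  puts formats_from_accept("text/html, application/json;q=0.9, */*").inspect
  puts resolve_template("/srv/app/views", "users/show", "html")
end
```

The root containment check is a second, independent layer: even if a caller passes a template name it did not validate, the normalised path is still refused when it leaves the view root.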