Bug 1852380 (CVE-2020-8185)
| Summary: | CVE-2020-8185 rubygem-rails: untrusted users able to run pending migrations in production | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | akarol, bbuckingham, bcourt, bkearney, btotty, dmetzger, gmccullo, gtanzill, hhudgeon, jfrey, jhardy, lzap, mmccune, mo, mtasaka, nmoumoul, obarenbo, pvalena, rchan, rjerrido, roliveri, ruby-packagers-sig, simaishi, smallamp, sokeeffe, sseago, s, strzibny, tdawson, vondruch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | rubygem-rails-6.0.3.2 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-06-30 17:20:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1852381, 1852503 | ||
| Bug Blocks: | 1852382 | ||
|
Description
Dhananjay Arunesh
2020-06-30 10:07:24 UTC
Created rubygem-rails tracking bugs for this issue: Affects: fedora-all [bug 1852381] External References: https://weblog.rubyonrails.org/2020/6/17/Rails-6-0-3-2-has-been-released Statement: Red Hat Satellite and Red Hat CloudForms do not ship vulnerable versions of RubyGem Rails hence not affected to the flaw. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8185 |