Bug 2026757 (CVE-2021-41819)
| Summary: | CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | bdettelb, caswilli, hhorak, jaruga, joe, jorton, jprokop, jwong, kaycoth, kyoshida, mo, mtasaka, pvalena, ruby-maint, ruby-packagers-sig, s, strzibny, vanmeeuwen+fedora, vmugicag, vondruch |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | cgi 0.3.1, cgi 0.2.1, cgi 0.1.1, ruby 3.0.3, ruby 2.7.5, ruby 2.6.9 | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in Ruby. The RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially crafted request, an attacker could perform cookie prefix spoofing attacks. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-03-03 01:50:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2026758, 2026759, 2026760, 2026761, 2026762, 2026763, 2028512, 2028513, 2028514, 2028515, 2028516, 2028517, 2028518, 2030657, 2030658, 2053066, 2053067, 2053068, 2053069, 2057449, 2100523, 2109426, 2122989, 2123022, 2128625, 2128632 | | |
| Bug Blocks: | 2026764 | | |
Description
Guilherme de Almeida Suckevicz
2021-11-25 18:12:57 UTC
Created ruby tracking bugs for this issue:
Affects: fedora-all [bug 2026759]

Created ruby:2.5/ruby tracking bugs for this issue:
Affects: fedora-34 [bug 2026762]

Created ruby:2.6/ruby tracking bugs for this issue:
Affects: fedora-34 [bug 2026761]

Created ruby:2.7/ruby tracking bugs for this issue:
Affects: fedora-all [bug 2026758]

Created ruby:3.0/ruby tracking bugs for this issue:
Affects: fedora-35 [bug 2026763]

Created ruby:master/ruby tracking bugs for this issue:
Affects: fedora-all [bug 2026760]

The decoding attack present in this flaw is present in all shipped versions of RHEL 6 - 9 and RHSCL. This flaw was present due to URL decoding being applied to cookie names. This provided the ability for an attacker to exploit this decoding to spoof security prefixes, which could allow some applications to be fooled by the spoofed security prefixes.

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:0543 https://access.redhat.com/errata/RHSA-2022:0543

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Extended Update Support
Via RHSA-2022:0544 https://access.redhat.com/errata/RHSA-2022:0544

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
Via RHSA-2022:0581 https://access.redhat.com/errata/RHSA-2022:0581

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2022:0582 https://access.redhat.com/errata/RHSA-2022:0582

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2022:0708 https://access.redhat.com/errata/RHSA-2022:0708

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-41819

I updated the "Fixed In Version" field based on the upstream info below.
https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:5779 https://access.redhat.com/errata/RHSA-2022:5779

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:6447 https://access.redhat.com/errata/RHSA-2022:6447

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:6450 https://access.redhat.com/errata/RHSA-2022:6450

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2022:6855 https://access.redhat.com/errata/RHSA-2022:6855

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2022:6856 https://access.redhat.com/errata/RHSA-2022:6856
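The following is an added illustration of the defect the description names (URL decoding applied to cookie names); it is not code from the bug report, the cgi gem, or Red Hat. It contrasts a parser that percent-decodes cookie names, so that an encoded name collides with a literal `__Host-` name, with one that keeps names verbatim, and goes one step beyond the report by adding a self-check an application can run against whichever cookie parser it actually uses. The probe header string, the function names and the parser bodies are constructed for this example and model the described behaviour rather than reproduce the gem's source.

```ruby
require 'uri'

# Constructed probe header (not taken from the bug report): the first cookie's
# name only becomes "__Host-session" after percent-decoding (%5F is "_").
# A browser would never send a cookie literally named "%5F%5FHost-session" with
# __Host- guarantees, so any parser that merges the two has lost the prefix.
PROBE_HEADER = "%5F%5FHost-session=spoofed; __Host-session=real; theme=light".freeze

# "Cookie:" header splitter shared by both parsers below.
def split_cookie_pairs(raw)
  raw.to_s.split(/;\s?/).filter_map do |pair|
    name, value = pair.split('=', 2)
    [name, value] if name && value
  end
end

# Pre-fix behaviour as the description states it ("URL decoding being applied
# to cookie names"); illustrative, not the gem's actual implementation.
# Duplicate names accumulate into one array, so the attacker-sent cookie,
# which appears first in the header, lands in front of the genuine one.
def parse_cookies_decoding_names(raw)
  split_cookie_pairs(raw).each_with_object({}) do |(name, value), cookies|
    name = URI.decode_www_form_component(name) # the defect: the name is decoded
    (cookies[name] ||= []) << URI.decode_www_form_component(value)
  end
end

# Fixed behaviour: the name is kept exactly as the client sent it; only the
# value is decoded, so "%5F%5FHost-session" and "__Host-session" stay distinct.
def parse_cookies_verbatim_names(raw)
  split_cookie_pairs(raw).each_with_object({}) do |(name, value), cookies|
    (cookies[name] ||= []) << URI.decode_www_form_component(value)
  end
end

# Self-check for whichever parser an application relies on: feed it the probe
# header and see whether the encoded name was folded into the prefixed one.
# A true result means a "__Host-" / "__Secure-" name cannot be trusted.
def parser_conflates_prefixes?(parser)
  cookies = parser.call(PROBE_HEADER)
  cookies.fetch('__Host-session', []).length > 1
end

if __FILE__ == $PROGRAM_NAME
  [[:parse_cookies_decoding_names, 'decoding names'],
   [:parse_cookies_verbatim_names, 'verbatim names']].each do |sym, label|
    cookies = send(sym, PROBE_HEADER)
    puts "#{label}: __Host-session=#{cookies['__Host-session'].inspect} " \
         "conflates=#{parser_conflates_prefixes?(method(sym))}"
  end
end
```

Running the block prints one line per parser; the decoding variant reports `["spoofed", "real"]` for `__Host-session` and `conflates=true`, the verbatim variant reports `["real"]` and `conflates=false`. The hardening is the one the description implies: stop decoding the name, and decode only the value.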