CVE-2020-8166.yml
---
gem: actionpack
framework: rails
cve: 2020-8166
ghsa: jp5v-5gx4-jmj9
url: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
title: Ability to forge per-form CSRF tokens given a global CSRF token
date: 2020-05-18
description: |
  It is possible, given a global CSRF token such as the one
  present in the authenticity_token meta tag, to forge a per-form CSRF token for
  any action for that session.

  Versions Affected: rails < 5.2.5, rails < 6.0.4
  Not affected: Applications without existing HTML injection vulnerabilities.
  Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1

  Impact
  ------

  Given the ability to extract the global CSRF token, an attacker would be able to
  construct a per-form CSRF token for that session.

  Workarounds
  -----------

  This is a low-severity security issue. As such, no workaround is necessary
  until such time as the application can be upgraded.
cvss_v3: 4.3
patched_versions:
- "~> 5.2.4, >= 5.2.4.3"
- ">= 6.0.3.1"
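The `patched_versions` ranges above are RubyGems requirement strings, so a Gemfile.lock can be checked against them with the stdlib alone. The following is an added example, not part of the advisory database; the lockfile fragment and the helper names are constructed for illustration.

```ruby
require "rubygems"

# Patched ranges copied from this advisory's patched_versions field.
PATCHED_VERSIONS = ["~> 5.2.4, >= 5.2.4.3", ">= 6.0.3.1"].freeze

# True when the given actionpack version falls inside at least one patched range.
# A comma-separated range ("~> 5.2.4, >= 5.2.4.3") means both constraints must hold.
def patched_for_cve_2020_8166?(version)
  v = Gem::Version.new(version)
  PATCHED_VERSIONS.any? do |range|
    Gem::Requirement.new(*range.split(",").map(&:strip)).satisfied_by?(v)
  end
end

# Pull the pinned actionpack version out of the specs section of a Gemfile.lock.
# Returns nil when actionpack is not present in the lockfile.
def actionpack_version_from_lockfile(lockfile_text)
  m = lockfile_text.match(/^\s{4}actionpack \(([^)]+)\)/)
  m && m[1]
end

# Constructed sample Gemfile.lock fragment (hypothetical, not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (5.2.4.2)
        actionview (= 5.2.4.2)
      actionview (5.2.4.2)
LOCK

if __FILE__ == $0
  ver = actionpack_version_from_lockfile(SAMPLE_LOCK)
  status = patched_for_cve_2020_8166?(ver) ? "patched" : "vulnerable"
  puts "actionpack #{ver}: #{status} for CVE-2020-8166"
end
```

Note that a version such as 5.1.7 is reported as unpatched because the advisory publishes no fixed release on that branch, matching the 5.2.4.3 / 6.0.3.1 floors in the record.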