GHSA-rxq3-gm4p-5fj4

Suggest an improvement
Source
https://github.com/advisories/GHSA-rxq3-gm4p-5fj4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-rxq3-gm4p-5fj4/GHSA-rxq3-gm4p-5fj4.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-rxq3-gm4p-5fj4
Aliases
Published
2017-10-24T18:33:38Z
Modified
2024-02-14T21:49:26.893858Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
rails vulnerable to improper authentication
Details

The example code for the digest authentication functionality (httpauthentication.rb) in Ruby on Rails before 2.3.3 defines an authenticateorrequestwithhttpdigest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.

Database specific
{
    "nvd_published_at": "2009-07-10T15:30:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:56:22Z"
}
References

Affected packages

RubyGems / rails

Package

Name
rails
Purl
pkg:gem/rails

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.3

Affected versions

0.*

0.8.0
0.8.5
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.4.1
0.9.5
0.10.0
0.10.1
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.14.1
0.14.2
0.14.3
0.14.4

1.*

1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6

2.*

2.0.0
2.0.1
2.0.2
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2
2.2.2
2.2.3
2.3.2