GHSA-wrrw-crp8-979q

Suggest an improvement
Source
https://github.com/advisories/GHSA-wrrw-crp8-979q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-wrrw-crp8-979q/GHSA-wrrw-crp8-979q.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-wrrw-crp8-979q
Published
2022-09-15T03:21:00Z
Modified
2024-12-06T05:28:52.044188Z
Summary
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
Details

Impact

The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to.

Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the Ransack library to implement search functionality. In its default configuration, Ransack will allow for query conditions based on properties of associated database objects [1]. The *_starts_with, *_ends_with or *_contains search matchers [2] can then be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute-force.

[1] https://activerecord-hackery.github.io/ransack/going-further/associations/ [2] https://activerecord-hackery.github.io/ransack/getting-started/search-matches/

Mitigation

Upgrade to version 15.7.1 or 14.5.2 of the pageflow gem.

For more information

If you have any questions or comments about this advisory email us at info(at)codevise.de

Credits

Positive Security

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T03:21:00Z"
}
References

Affected packages

RubyGems / pageflow

Package

Name
pageflow
Purl
pkg:gem/pageflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.5.2

Affected versions

0.*

0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.7.1
0.7.2
0.8.0
0.8.1
0.8.2
0.9.0
0.9.1
0.9.2
0.10.0
0.11.0
0.11.1
0.11.2
0.11.3
0.11.4

12.*

12.0.0.rc1
12.0.0.rc2
12.0.0.rc3
12.0.0.rc4
12.0.0.rc5
12.0.0.rc6
12.0.0.rc7
12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
12.1.0
12.2.0
12.3.0
12.4.0
12.4.1
12.5.0
12.6.0

13.*

13.0.0.beta1
13.0.0.beta2
13.0.0.beta3
13.0.0.beta4
13.0.0.beta5
13.0.0.beta6
13.0.0.beta7
13.0.0.rc1
13.0.0
13.1.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0

14.*

14.0.0.beta1
14.0.0.beta2
14.0.0.beta3
14.0.0.rc1
14.0.0.rc2
14.0.0
14.1.0
14.1.1
14.2.0
14.2.1
14.3.0
14.4.0
14.5.0
14.5.1

RubyGems / pageflow

Package

Name
pageflow
Purl
pkg:gem/pageflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15.0.0
Fixed
15.7.1

Affected versions

15.*

15.0.0
15.0.1
15.0.2
15.1.0.beta1
15.1.0.beta2
15.1.0.beta3
15.1.0.beta4
15.1.0.beta5
15.1.0.beta6
15.1.0.rc0
15.1.0
15.1.1
15.1.2
15.2.0
15.2.1
15.2.2
15.3.0
15.4.0
15.5.0
15.6.0
15.6.1
15.7.0