UBUNTU-CVE-2024-32978

Source
https://ubuntu.com/security/CVE-2024-32978
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-32978.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-32978
Upstream
Published
2024-05-27T16:15:00Z
Modified
2025-10-24T05:09:10Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Ubuntu - medium
Summary
[none]
Details

Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails. This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. Users of affected versions are advised to update to Kaminari version 0.16.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, review and adjust the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized users.

References

Affected packages

Ubuntu:16.04:LTS

ruby-kaminari

Package

Name
ruby-kaminari
Purl
pkg:deb/ubuntu/ruby-kaminari@0.16.3-1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.16.3-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.16.3-1",
            "binary_name": "ruby-kaminari"
        }
    ]
}

Ubuntu:18.04:LTS

ruby-kaminari

Package

Name
ruby-kaminari
Purl
pkg:deb/ubuntu/ruby-kaminari@0.17.0-3?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.17.0-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.17.0-3",
            "binary_name": "ruby-kaminari"
        }
    ]
}

Ubuntu:20.04:LTS

ruby-kaminari

Package

Name
ruby-kaminari
Purl
pkg:deb/ubuntu/ruby-kaminari@1.0.1-5?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.0.1-4
1.0.1-5

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.0.1-5",
            "binary_name": "ruby-kaminari"
        },
        {
            "binary_version": "1.0.1-5",
            "binary_name": "ruby-kaminari-actionview"
        },
        {
            "binary_version": "1.0.1-5",
            "binary_name": "ruby-kaminari-activerecord"
        },
        {
            "binary_version": "1.0.1-5",
            "binary_name": "ruby-kaminari-core"
        }
    ]
}

Ubuntu:22.04:LTS

ruby-kaminari

Package

Name
ruby-kaminari
Purl
pkg:deb/ubuntu/ruby-kaminari@1.2.1-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.2.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.2.1-1",
            "binary_name": "ruby-kaminari"
        },
        {
            "binary_version": "1.2.1-1",
            "binary_name": "ruby-kaminari-actionview"
        },
        {
            "binary_version": "1.2.1-1",
            "binary_name": "ruby-kaminari-activerecord"
        },
        {
            "binary_version": "1.2.1-1",
            "binary_name": "ruby-kaminari-core"
        }
    ]
}

Ubuntu:24.04:LTS

ruby-kaminari

Package

Name
ruby-kaminari
Purl
pkg:deb/ubuntu/ruby-kaminari@1.2.2-1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.2.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari"
        },
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari-actionview"
        },
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari-activerecord"
        },
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari-core"
        }
    ]
}

Ubuntu:25.04

ruby-kaminari

Package

Name
ruby-kaminari
Purl
pkg:deb/ubuntu/ruby-kaminari@1.2.2-1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.2.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari"
        },
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari-actionview"
        },
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari-activerecord"
        },
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari-core"
        }
    ]
}

Ubuntu:25.10

ruby-kaminari

Package

Name
ruby-kaminari
Purl
pkg:deb/ubuntu/ruby-kaminari@1.2.2-1?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.2.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari"
        },
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari-actionview"
        },
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari-activerecord"
        },
        {
            "binary_version": "1.2.2-1",
            "binary_name": "ruby-kaminari-core"
        }
    ]
}