Vulnerabilities > CVE-2020-8151 - Incorrect Authorization vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

rubyonrails

fedoraproject

CWE-863

NVD

Published: 2020-05-12

Updated: 2023-11-07

Summary

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.

Vulnerable Configurations

Part	Description	Count
Application	Rubyonrails Rubyonrails Active Resource 4.0.0 Rubyonrails Active Resource 4.1.0 Rubyonrails Active Resource 5.0.0 Rubyonrails Active Resource 5.1.0	5
OS	Fedoraproject Fedoraproject Fedora 33	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://groups.google.com/forum/#%21topic/rubyonrails-security/pktoF4VmiM8
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR/