Vulnerabilities > CVE-2020-8151 - Incorrect Authorization vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 | |
OS | 1 |
Common Weakness Enumeration (CWE)
References
- https://groups.google.com/forum/#%21topic/rubyonrails-security/pktoF4VmiM8
- https://groups.google.com/forum/#%21topic/rubyonrails-security/pktoF4VmiM8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR/