The FileStore capability in CGI::Session for Ruby prior to 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yukihiro matsumoto ruby 1.6 |
||
yukihiro matsumoto ruby 1.8 |