Published: 26/01/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In strategy.rb in OmniAuth prior to 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.

Vulnerable Product	Search on Vulmon	Subscribe to Product
omniauth omniauth
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #888523 ruby-omniauth: CVE-2017-18076: security issue in returning post parameters from session in callback phase Package: src:ruby-omniauth; Maintainer for src:ruby-omniauth is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso < ...

Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access to the CSR ...

NVD-CWE-noinfo https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b https://github.com/omniauth/omniauth/pull/867 https://bugs.debian.org/888523 https://www.debian.org/security/2018/dsa-4109 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888523 https://nvd.nist.gov https://www.debian.org/security/./dsa-4109

CVE-2017-18076

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect