BDU:2020-00755

BDU

High

Уязвимость модуля Gem::CommandManage системы управления пакетами RubyGems связана с недостаточным экранированием. Эксплуатация уязвимости м…

CVSS

7.5

High

EPSS

0.00

Published

2020-01-01

Updated

2020-01-01

Description

Уязвимость модуля Gem::CommandManage системы управления пакетами RubyGems связана с недостаточным экранированием. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, нарушить целостность данных при помощи специально сформированной escape-последовательности

Tags · CWE

Pre-auth

Affected products

Red hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineRed hat inc. Cloudforms management engineСообщество свободного программного обеспечения RubygemsСообщество свободного программного обеспечения Rubygems

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Timeline

2020-01-01

Published

2020-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: H

High (H)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Red Hat

Cloudforms Management Engine

Сообщество Свободного Программного Обеспечения

Rubygems

Product	Vendor	Status
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
cloudforms management engine	red hat inc.	Tracked
rubygems	сообщество свободного программного обеспечения	Tracked
rubygems	сообщество свободного программного обеспечения	Tracked

Showing first 20 of 36

Source databases

BDU

Related vulnerabilities

CVE-2019-8325

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8325@https://nvd.nist.gov/vuln/detail/CVE-2019-8325@https://security-tracker.debian.org/tracker/CVE-2019-8325@https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html@https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186@https://ubuntu.com/security/notices/USN-3945-1@https://access.redhat.com/security/cve/CVE-2019-8325@https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15@https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023