V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2020-8184
AST
High

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possi…

CVSS
7.5
High
EPSS
0.03
p85
Published
2020-01-01
Updated
2020-01-01
Description

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

Tags · CWE
Pre-auth
CWE-784
CWE-807
Affected products
Ansible-collection-redhat-satelliteAnsible-collection-redhat-satelliteAnsible-runnerAnsible-runnerAnsiblerole-foreman_scap_clientAnsiblerole-foreman_scap_clientAnsiblerole-insights-clientAnsiblerole-insights-clientAnsiblerole-satellite-receptor-installerAnsiblerole-satellite-receptor-installerCandlepinCandlepinCreaterepo_cCreaterepo_cForemanForemanForeman-bootloaders-redhatForeman-bootloaders-redhatForeman-discovery-imageForeman-discovery-image
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Timeline
2020-01-01
Published
2020-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: H
High (H)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.029 · p85
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Debian
Debian LinuxRuby-rack
Canonical
Ubuntu LinuxRuby-rack
Red Hat
SatelliteCandlepinRubygem-rackForemanKatelloPulpKatello-certs-toolsForeman-proxyPulp-rpmPulp-puppet+369
Группа Астра (РусБИТех)
Ruby-rack
Rack_project
Rack
ProductVendorStatus
ansible-collection-redhat-satelliteTracked
ansible-collection-redhat-satelliteTracked
ansible-runnerTracked
ansible-runnerTracked
ansiblerole-foreman_scap_clientTracked
ansiblerole-foreman_scap_clientTracked
ansiblerole-insights-clientTracked
ansiblerole-insights-clientTracked
ansiblerole-satellite-receptor-installerTracked
ansiblerole-satellite-receptor-installerTracked
candlepinTracked
candlepinTracked
createrepo_cTracked
createrepo_cTracked
foremanTracked
foremanTracked
foreman-bootloaders-redhatTracked
foreman-bootloaders-redhatTracked
foreman-discovery-imageTracked
foreman-discovery-imageTracked
Showing first 20 of 776
Source databases
AST
DEB
CVE
RED
UBU
Related vulnerabilities
BDU:2021-01344