CVE-2019-5420

critical-risk
Published 2019-03-27

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

Do I need to act?

!
93.7% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
46785
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Affected Vendors

Debian Fedoraproject Rubyonrails

References (10)

Exploit http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-...
https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Patch https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-release...
Exploit https://www.exploit-db.com/exploits/46785/
Exploit http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-...
https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Patch https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-release...
Exploit https://www.exploit-db.com/exploits/46785/
71
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 12/34 · Low