CVE-2019-16255

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html

https://hackerone.com/reports/327512

https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html

https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html

https://seclists.org/bugtraq/2019/Dec/31

https://seclists.org/bugtraq/2019/Dec/32

https://security.gentoo.org/glsa/202003-06

https://www.debian.org/security/2019/dsa-4587

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/

https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/

https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/

https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/

Details

Source: MITRE

Published: 2019-11-26

Updated: 2020-08-24

Type: CWE-94

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from 2.4.0 to 2.4.7 (inclusive)

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from 2.5.0 to 2.5.6 (inclusive)

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from 2.6.0 to 2.6.4 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
151449Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)NessusOracle Linux Local Security Checks
high
151284Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)NessusOracle Linux Local Security Checks
high
151147CentOS 8 : ruby:2.5 (CESA-2021:2587)NessusCentOS Local Security Checks
high
151146CentOS 8 : ruby:2.6 (CESA-2021:2588)NessusCentOS Local Security Checks
high
151143RHEL 8 : ruby:2.6 (RHSA-2021:2588)NessusRed Hat Local Security Checks
high
151141RHEL 8 : ruby:2.5 (RHSA-2021:2587)NessusRed Hat Local Security Checks
high
141742EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2020-2219)NessusHuawei Local Security Checks
high
140906EulerOS 2.0 SP3 : ruby (EulerOS-SA-2020-2139)NessusHuawei Local Security Checks
high
140096Amazon Linux AMI : ruby24 (ALAS-2020-1422)NessusAmazon Linux Local Security Checks
high
139628Debian DLA-2330-1 : jruby security updateNessusDebian Local Security Checks
high
137936EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2020-1717)NessusHuawei Local Security Checks
high
137599SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2020:1570-1)NessusSuSE Local Security Checks
high
136232EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2020-1529)NessusHuawei Local Security Checks
high
135161openSUSE Security Update : ruby2.5 (openSUSE-2020-395)NessusSuSE Local Security Checks
medium
134824SUSE SLED15 / SLES15 Security Update : Recommended update for ruby2.5 (SUSE-SU-2020:0737-1)NessusSuSE Local Security Checks
medium
134815EulerOS 2.0 SP5 : ruby (EulerOS-SA-2020-1324)NessusHuawei Local Security Checks
high
134473GLSA-202003-06 : Ruby: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
133068Photon OS 3.0: Ruby PHSA-2020-3.0-0047NessusPhotonOS Local Security Checks
high
132976Photon OS 2.0: Ruby PHSA-2019-2.0-0196NessusPhotonOS Local Security Checks
high
132968Photon OS 1.0: Ruby PHSA-2019-1.0-0263NessusPhotonOS Local Security Checks
high
132805EulerOS Virtualization for ARM 64 3.0.5.0 : ruby (EulerOS-SA-2020-1051)NessusHuawei Local Security Checks
high
132624EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1031)NessusHuawei Local Security Checks
high
132109Debian DSA-4587-1 : ruby2.3 - security updateNessusDebian Local Security Checks
high
132108Debian DSA-4586-1 : ruby2.5 - security updateNessusDebian Local Security Checks
high
131960Debian DLA-2027-1 : jruby security updateNessusDebian Local Security Checks
high
131392Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Ruby vulnerabilities (USN-4201-1)NessusUbuntu Local Security Checks
high
131292Debian DLA-2007-1 : ruby2.1 security updateNessusDebian Local Security Checks
high
129549FreeBSD : ruby -- multiple vulnerabilities (f7fcb75c-e537-11e9-863e-b9b7af01ba9e)NessusFreeBSD Local Security Checks
high