Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7664-1 advisory.

    It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use     this issue to perform local file inclusion, obtaining sensitive information. (CVE-2022-29970)

    It was discovered that Sinatra incorrectly handled special characters in the Content-Disposition HTTP     header. An attacker could possibly use this issue to perform a reflected file download attack, achieving     remote code execution. (CVE-2022-45442)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3877 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3877-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Jochen Sprickerhof     September 05, 2024                            https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : ruby-sinatra     Version        : 2.0.8.1-2+deb11u1     CVE ID         : CVE-2022-29970 CVE-2022-45442     Debian Bug     : 1014717 1070953

    Sinatra is an open source web framework for Ruby programming language.

    CVE-2022-29970

        A file traversal vulnerability was discovered. We now validate that         any expanded paths match the allowed `public_dir` when serving         static files.

    CVE-2022-45442

        It was discovered that there was a potential reflected file download         (RFD) vulnerability. A Content-Disposition HTTP header was being         incorrectly derived from a potentially user-supplied filename.

    For Debian 11 bullseye, these problems have been fixed in version     2.0.8.1-2+deb11u1.

    We recommend that you upgrade your ruby-sinatra packages.

    For the detailed security status of ruby-sinatra please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/ruby-sinatra

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:0855 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12150 advisory.

    [0.11.3-4.el9_1.2]
    - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt
    - Added license for rubygem ruby2_keywords
    - Resolves: rhbz#2159426

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0974 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0974 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * sinatra: Reflected File Download attack (CVE-2022-45442)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12137 advisory.

    [0.10.14-5.0.1]
    - Replace HAM-logo.png with a generic one

    [0.10.14-5.el8_7.2]
    - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt
    - Added license for rubygem ruby2_keywords
    - Resolves: rhbz#2159424

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0855 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0855 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0855 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * sinatra: Reflected File Download attack (CVE-2022-45442)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0857 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * sinatra: Reflected File Download attack (CVE-2022-45442)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0527 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * sinatra: Reflected File Download attack (CVE-2022-45442)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0506 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * sinatra: Reflected File Download attack (CVE-2022-45442)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0427 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * sinatra: Reflected File Download attack (CVE-2022-45442)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0393 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * sinatra: Reflected File Download attack (CVE-2022-45442)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3264 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3264-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                           Chris Lamb     January 10, 2023                              https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : ruby-sinatra     Version        : 2.0.5-4+deb10u2     CVE ID         : CVE-2022-45442     Debian Bug     : 1025125

    It was discovered that there was a potential reflected file download     (RFD) vulnerability in ruby-sinatra, a Ruby library for writing HTTP     applications. A Content-Disposition HTTP header was being incorrectly     derived from a potentially user-supplied filename.

    For Debian 10 buster, this problem has been fixed in version     2.0.5-4+deb10u2.

    We recommend that you upgrade your ruby-sinatra packages.

    For the detailed security status of ruby-sinatra please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/ruby-sinatra

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
242690	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Sinatra vulnerabilities (USN-7664-1)	Nessus	Ubuntu Local Security Checks	high
206670	Debian dla-3877 : ruby-rack-protection - security update	Nessus	Debian Local Security Checks	high
190200	CentOS 8 : pcs (CESA-2023:0855)	Nessus	CentOS Local Security Checks	high
172038	Oracle Linux 9 : pcs (ELSA-2023-12150)	Nessus	Oracle Linux Local Security Checks	high
172001	AlmaLinux 9 : pcs (ALSA-2023:0974)	Nessus	Alma Linux Local Security Checks	high
171976	RHEL 9 : pcs (RHSA-2023:0974)	Nessus	Red Hat Local Security Checks	high
171798	Oracle Linux 8 : pcs (ELSA-2023-12137)	Nessus	Oracle Linux Local Security Checks	high
171763	Rocky Linux 8 : pcs (RLSA-2023:0855)	Nessus	Rocky Linux Local Security Checks	high
171730	AlmaLinux 8 : pcs (ALSA-2023:0855)	Nessus	Alma Linux Local Security Checks	high
171719	RHEL 8 : pcs (RHSA-2023:0855)	Nessus	Red Hat Local Security Checks	high
171699	RHEL 8 : pcs (RHSA-2023:0857)	Nessus	Red Hat Local Security Checks	high
170876	RHEL 9 : pcs (RHSA-2023:0527)	Nessus	Red Hat Local Security Checks	high
170869	RHEL 8 : pcs (RHSA-2023:0506)	Nessus	Red Hat Local Security Checks	high
170511	RHEL 8 : pcs (RHSA-2023:0427)	Nessus	Red Hat Local Security Checks	high
170500	RHEL 8 : pcs (RHSA-2023:0393)	Nessus	Red Hat Local Security Checks	high
169802	Debian dla-3264 : ruby-rack-protection - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2022-45442

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high