Detections
Analytics

Debian DLA-3093-1 : rails - LTS security update

critical Nessus Plugin ID 164961

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3093 advisory.

 - A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. (CVE-2022-21831)

 - An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. (CVE-2022-22577)

 - Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA- wh98-p28r-vrc9 can be used. (CVE-2022-23633)

 - A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. (CVE-2022-27777)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the rails packages.

For Debian 10 buster, these problems have been fixed in version 2

See Also

https://security-tracker.debian.org/tracker/source-package/rails

https://www.debian.org/lts/security/2022/dla-3093

https://security-tracker.debian.org/tracker/CVE-2022-21831

https://security-tracker.debian.org/tracker/CVE-2022-22577

https://security-tracker.debian.org/tracker/CVE-2022-23633

https://security-tracker.debian.org/tracker/CVE-2022-27777

https://packages.debian.org/source/buster/rails

Plugin Details

Severity: Critical

ID: 164961

File Name: debian_DLA-3093.nasl

Version: 1.4

Type: local

Agent: unix

Published: 9/13/2022

Updated: 10/12/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-21831

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-32224

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:rails, p-cpe:/a:debian:debian_linux:ruby-actioncable, p-cpe:/a:debian:debian_linux:ruby-actionmailer, p-cpe:/a:debian:debian_linux:ruby-actionpack, p-cpe:/a:debian:debian_linux:ruby-actionview, p-cpe:/a:debian:debian_linux:ruby-activejob, p-cpe:/a:debian:debian_linux:ruby-activemodel, p-cpe:/a:debian:debian_linux:ruby-activerecord, p-cpe:/a:debian:debian_linux:ruby-activestorage, p-cpe:/a:debian:debian_linux:ruby-activesupport, p-cpe:/a:debian:debian_linux:ruby-rails, p-cpe:/a:debian:debian_linux:ruby-railties, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/13/2022

Vulnerability Publication Date: 2/11/2022

Reference Information

CVE: CVE-2022-21831, CVE-2022-22577, CVE-2022-23633, CVE-2022-27777, CVE-2022-32224