Severity: CRITICAL (9.8) · Ecosystem: RubyGems

Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly

GHSA-8jhx-9gf4-hhf5 · CVE-2019-16377

Description

With the Consul Ruby gem before 1.0.3, if a controller checks multiple powers using :if or :except conditions, these conditions are erroneously applied to all power checks in that controller. This can lead to skipped power checks and hence unauthenticated access to certain controller actions.
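
The failure mode described above, modelled in plain Ruby as an added example (it is not Consul's code or API, and it does not reproduce the gem's internal mechanism). ToyController, powers_checked, skipped_checks and the NotesController powers are hypothetical names constructed for illustration; the helper lists the actions that lose a check when one declaration's :except list leaks onto the others.

```ruby
# Constructed model of the behaviour described in the advisory. ToyController,
# powers_checked and skipped_checks are hypothetical names, not Consul's API.
class ToyController
  def self.declarations
    @declarations ||= []
  end

  # Record a power check and the actions it should not run for.
  def self.power(name, except: [])
    declarations << { power: name, except: Array(except) }
  end

  # Powers enforced for an action.
  # flawed: false -> each check honours only its own :except list (intended).
  # flawed: true  -> every check honours the :except lists of all declarations,
  #                  which is the behaviour the advisory describes.
  def self.powers_checked(action, flawed:)
    all_excepts = declarations.flat_map { |d| d[:except] }
    enforced = declarations.reject do |d|
      (flawed ? all_excepts : d[:except]).include?(action)
    end
    enforced.map { |d| d[:power] }
  end

  # Regression helper: for each action, the powers that should run but do not.
  def self.skipped_checks(actions)
    actions.each_with_object({}) do |action, missing|
      diff = powers_checked(action, flawed: false) -
             powers_checked(action, flawed: true)
      missing[action] = diff unless diff.empty?
    end
  end
end

# Constructed sample controller with two power checks.
class NotesController < ToyController
  power :signed_in                             # meant to guard every action
  power :notes_admin, except: [:index, :show]  # meant for mutating actions only
end

ACTIONS = [:index, :show, :update, :destroy].freeze

if __FILE__ == $PROGRAM_NAME
  NotesController.skipped_checks(ACTIONS).each do |action, powers|
    puts "#{action}: missing #{powers.inspect}"
  end
end
```

In a real application the equivalent regression check is a request test per action asserting that every power declared for that action still denies access when it should.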
