Vulnerability Details : CVE-2014-125054
A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2014-125054
- cpe:2.3:a:reddit-on-rails_project:reddit-on-rails:*:*:*:*:*:ruby:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-125054
- 0.08%: Probability of exploitation activity in the next 30 days
- ~36%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-125054
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | VulDB | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | VulDB | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | VulDB | 2024-02-29 |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2014-125054
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: cna@vuldb.com (Primary)
References for CVE-2014-125054
- https://vuldb.com/?ctiid.217594 (Third Party Advisory; VDB Entry)
- https://vuldb.com/?id.217594 (Third Party Advisory; VDB Entry)
- https://github.com/koroket/RedditOnRails/commit/7f3c7407d95d532fcc342b00d68d0ea09ca71030 (Patch; Third Party Advisory): Solved duplicate votes issue; Discovered karma exploitation · koroket/RedditOnRails@7f3c740 · GitHub