CVE-2018-1000119 : Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timi

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.

Published 2018-03-07 14:29:00

Updated 2020-08-24 17:37:01

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2018-1000119

Sinatrarb » Rack-protection
Versions before (<) 1.5.5
cpe:2.3:a:sinatrarb:rack-protection:*:*:*:*:*:*:*:*
Matching versions
Sinatrarb » Rack-protection » Version: 2.0.0 Update RC1
cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc1:*:*:*:*:*:*
Matching versions
Sinatrarb » Rack-protection » Version: 2.0.0 Update RC2
cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc2:*:*:*:*:*:*
Matching versions
Sinatrarb » Rack-protection » Version: 2.0.0 Update RC3
cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc3:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-1000119

EPSS FAQ

0.32%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1000119

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2018-1000119

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1000119

https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109

Use secure_compare when checking CSRF token · sinatra/sinatra@8aa6c42 · GitHub
Issue Tracking;Patch;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1060

RHSA-2018:1060 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://github.com/sinatra/rack-protection/pull/98

Use secure_compare when checking CSRF token by jeltz · Pull Request #98 · sinatra/rack-protection · GitHub
Issue Tracking;Third Party Advisory
https://www.debian.org/security/2018/dsa-4247

Debian -- Security Information -- DSA-4247-1 ruby-rack-protection

Jump to

Vulnerability Details : CVE-2018-1000119

Products affected by CVE-2018-1000119

Exploit prediction scoring system (EPSS) score for CVE-2018-1000119

CVSS scores for CVE-2018-1000119

CWE ids for CVE-2018-1000119

References for CVE-2018-1000119