Vulnerability Details: CVE-2018-16476
Potential exploit
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input that causes Active Job to deserialize it using GlobalID, giving them access to information they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
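As an added illustration (not Active Job's code and not part of the advisory), the Ruby below models the argument-deserialization behaviour the description refers to: before the fix, any string argument that resolves as a GlobalID is replaced by the record it names; after the fix, only the wrapper hash that Active Job itself emits when serializing a model is resolved. The record table and the locator are constructed stand-ins; the `_aj_globalid` key follows Active Job's naming convention.

```ruby
# Simplified model of Active Job argument deserialization, showing the
# pre-fix behaviour beside the fixed one. Not the library's own code.

GLOBALID_KEY = "_aj_globalid"

# Constructed in-memory "database" standing in for the models a GlobalID
# locator would resolve; a real locator would load ActiveRecord objects.
RECORDS = {
  "gid://app/User/1"    => { model: "User", id: 1, email: "alice@example.test" },
  "gid://app/Invoice/7" => { model: "Invoice", id: 7, total: 120 }
}.freeze

# Stand-in for GlobalID::Locator.locate: returns the record or nil.
def locate(gid)
  RECORDS[gid]
end

# Pre-fix behaviour: a plain String argument that resolves as a GlobalID is
# turned into the record it names, so any caller who can influence a job's
# arguments can reference records the job was never meant to load.
def deserialize_vulnerable(args)
  args.map do |arg|
    case arg
    when String then locate(arg) || arg
    when Hash   then arg.key?(GLOBALID_KEY) ? locate(arg[GLOBALID_KEY]) : arg
    else arg
    end
  end
end

# Fixed behaviour: plain strings stay strings. Only the explicit wrapper that
# Active Job emits for a serialized model ({ "_aj_globalid" => gid }) is
# resolved, so externally supplied text is never treated as a reference.
def deserialize_fixed(args)
  args.map do |arg|
    case arg
    when Hash then arg.key?(GLOBALID_KEY) ? locate(arg[GLOBALID_KEY]) : arg
    else arg
    end
  end
end

# Constructed sample arguments: one untrusted string, one properly serialized model.
untrusted        = ["gid://app/Invoice/7"]
serialized_model = [{ GLOBALID_KEY => "gid://app/User/1" }]

if __FILE__ == $PROGRAM_NAME
  p deserialize_vulnerable(untrusted)   # the Invoice record is loaded
  p deserialize_fixed(untrusted)        # ["gid://app/Invoice/7"], left as text
  p deserialize_fixed(serialized_model) # the User record, via the wrapper only
end
```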
Vulnerability category: Bypass; Gain privilege
Products affected by CVE-2018-16476
- cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16476
- EPSS score: 0.84% (probability of exploitation activity in the next 30 days)
- Percentile: ~74% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2018-16476
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-16476
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. (Assigned by: support@hackerone.com, Secondary)
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2018-16476
- https://access.redhat.com/errata/RHSA-2019:0600 : RHSA-2019:0600 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/ : Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! | Riding Rails (Vendor Advisory)
- https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ : [CVE-2018-16476] Broken Access Control vulnerability in Active Job - Google Groups (Exploit; Mitigation; Mailing List; Third Party Advisory)