GHSA-wrrw-crp8-979q

Source

https://github.com/advisories/GHSA-wrrw-crp8-979q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-wrrw-crp8-979q/GHSA-wrrw-crp8-979q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wrrw-crp8-979q

Published

2022-09-15T03:21:00Z

Modified

2024-12-06T05:28:43.784025Z

Summary

Pageflow vulnerable to sensitive user data extraction via Ransack query injection

Details

Impact

The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to.

Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the Ransack library to implement search functionality. In its default configuration, Ransack will allow for query conditions based on properties of associated database objects [1]. The *_starts_with, *_ends_with or *_contains search matchers [2] can then be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute-force.

[1] https://activerecord-hackery.github.io/ransack/going-further/associations/ [2] https://activerecord-hackery.github.io/ransack/getting-started/search-matches/

Mitigation

Upgrade to version 15.7.1 or 14.5.2 of the pageflow gem.

For more information

If you have any questions or comments about this advisory email us at info(at)codevise.de

Credits

Positive Security

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T03:21:00Z"
}

References

Affected packages

RubyGems / pageflow

Package

Name: pageflow
Purl: pkg:gem/pageflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.5.2

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.1.0

0.2.0

0.2.1

0.3.0

0.4.0

0.5.0

0.6.0

0.7.0

0.7.1

0.7.2

0.8.0

0.8.1

0.8.2

0.9.0

0.9.1

0.9.2

0.10.0

0.11.0

0.11.1

0.11.2

0.11.3

0.11.4

12.*

12.0.0.rc1

12.0.0.rc2

12.0.0.rc3

12.0.0.rc4

12.0.0.rc5

12.0.0.rc6

12.0.0.rc7

12.0.0

12.0.1

12.0.2

12.0.3

12.0.4

12.1.0

12.2.0

12.3.0

12.4.0

12.4.1

12.5.0

12.6.0

13.*

13.0.0.beta1

13.0.0.beta2

13.0.0.beta3

13.0.0.beta4

13.0.0.beta5

13.0.0.beta6

13.0.0.beta7

13.0.0.rc1

13.0.0

13.1.0

13.2.0

13.3.0

13.4.0

13.5.0

13.6.0

14.*

14.0.0.beta1

14.0.0.beta2

14.0.0.beta3

14.0.0.rc1

14.0.0.rc2

14.0.0

14.1.0

14.1.1

14.2.0

14.2.1

14.3.0

14.4.0

14.5.0

14.5.1

RubyGems / pageflow

Package

Name: pageflow
Purl: pkg:gem/pageflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15.0.0

Fixed

15.7.1

Affected versions

15.*

15.0.0

15.0.1

15.0.2

15.1.0.beta1

15.1.0.beta2

15.1.0.beta3

15.1.0.beta4

15.1.0.beta5

15.1.0.beta6

15.1.0.rc0

15.1.0

15.1.1

15.1.2

15.2.0

15.2.1

15.2.2

15.3.0

15.4.0

15.5.0

15.6.0

15.6.1

15.7.0