Auto-merge PR#2942

2025-06-10 02:04:31 +00:00 · 2019-12-18 14:50:17 -05:00 · 2019-12-18 14:50:17 -05:00 · 1e8427051c
commit 1e8427051c
parent d2aab1df3f 206e364c11
1 changed files with 88 additions and 0 deletions
--- a/2019/16xxx/CVE-2019-16782.json
+++ b/2019/16xxx/CVE-2019-16782.json
@ -0,0 +1,88 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
+        "ID": "CVE-2019-16782",
+        "STATE": "PUBLIC",
+        "TITLE": "Possible Information Leak / Session Hijack Vulnerability in Rack"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "rack",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "before 1.6.12 or 2.0.8"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "rack"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8.\n\nAttackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\nThe session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.3,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-208 Information Exposure Through Timing Discrepancy"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
+            },
+            {
+                "name": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-hrqr-hxpp-chr3",
+        "discovery": "UNKNOWN"
+    }
+}