CVE-2016-10522
N/A
N/A
Summary
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| https://github.com/sferik | rails_admin ruby gem | >= 1.1.1 | affected |
Weaknesses
- CWE-352: Cross-Site Request Forgery (CSRF) (CWE-352)
ADP Enrichment
CVE Program Container
Additional References
- https://www.sourceclear.com/blog/Rails_admin-Vulnerability-Disclosure/
- https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
- https://www.sourceclear.com/registry/security/cross-site-request-forgery-csrf-/ruby/sid-3173
References
- https://www.sourceclear.com/blog/Rails_admin-Vulnerability-Disclosure/
- https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
- https://www.sourceclear.com/registry/security/cross-site-request-forgery-csrf-/ruby/sid-3173
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.