CVE-2016-10522
CVE-2016-10522 is a vulnerability of currently unknown severity in the rails_admin Ruby gem (versions before 1.1.1); the full description follows below. EPSS estimates a 0.98% chance of exploitation in the next 30 days.
Description
rails_admin Ruby gem versions before 1.1.1 are vulnerable to cross-site request forgery (CSRF). Non-GET requests to the gem's controllers were not validating CSRF tokens, so an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem by inducing a logged-in administrator's browser to submit such a request.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rails Admin Project | Rails Admin | < 1.1.1 |
References
- https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a (Patch, Third Party Advisory)
- https://www.sourceclear.com/blog/Rails_admin-Vulnerability-Disclosure/ (Exploit, Patch, Third Party Advisory)
- https://www.sourceclear.com/registry/security/cross-site-request-forgery-csrf-/ruby/sid-3173 (Exploit, Patch, Third Party Advisory)
Source: NVD / NIST