Detections
Analytics
FreeBSD : Rails -- permission vulnerability (feb8afdc-b3e5-11ea-9df5-08002728f74c)
medium Nessus Plugin ID 137738
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
Ruby on Rails blog :Rails 6.0.3.2 has been released! This version of Rails contains an important security patch, and you should upgrade! The release contains only one patch that addresses CVE-2020-8185.
Solution
Update the affected package.See Also
http://www.nessus.org/u?26ba3bcb
https://github.com/rails/rails/blob/6-0-stable/actionpack/CHANGELOG.md
Plugin Details
Severity: Medium
ID: 137738
File Name: freebsd_pkg_feb8afdcb3e511ea9df508002728f74c.nasl
Version: 1.3
Type: local
Family: FreeBSD Local Security Checks
Published: 6/23/2020
Updated: 7/10/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS Score Source: CVE-2020-8185
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:rubygem-actionpack60, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 6/22/2020
Vulnerability Publication Date: 6/17/2020
Reference Information
CVE: CVE-2020-8185