Rails Web Console Detected

Critical | Web App Scanning Plugin ID 113342

Synopsis

Rails Web Console Detected

Description

Rails has several gems, including a native one (web-console), that expose a Ruby console through the application. When badly configured, this console is reachable by any user without authorization, which allows remote execution of arbitrary code on the server.

Solution

Restrict the web console feature to authorized users only, or disable it.
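The fix the Solution describes comes down to two controls: keep the console out of non-development environments (in a Rails app that normally means loading the gem only in the `:development` Gemfile group), and restrict which client addresses may open it (the web-console gem exposes this as the `config.web_console.permissions` list of IPs or CIDR ranges). The following Ruby is an added illustration, not web-console's own code: it models the allowlist check with `IPAddr`, so a weak "allow everything" setting can be compared with a corrected one against constructed sample client addresses.

```ruby
require "ipaddr"

# Illustrative model of a console permission list: a client address is granted
# console access only when it falls inside one of the configured networks.
# This is an added example, not the web-console gem's implementation.
class ConsolePermissions
  def initialize(allowed)
    @networks = Array(allowed).map { |spec| IPAddr.new(spec) }
  end

  # IPAddr#include? returns false when the families differ (v4 vs v6), so a
  # mixed allowlist behaves as expected; malformed input is treated as denied.
  def allowed?(remote_ip)
    ip = IPAddr.new(remote_ip)
    @networks.any? { |net| net.include?(ip) }
  rescue IPAddr::InvalidAddressError
    false
  end
end

# Weak setting: the whole IPv4 space, so any client can reach the console.
WEAK_ALLOWLIST = ["0.0.0.0/0"].freeze
# Corrected setting (constructed values): loopback plus one internal range.
SAFE_ALLOWLIST = ["127.0.0.1", "::1", "10.0.0.0/8"].freeze

# Mirrors the gem's "development only" guard: the console should be loaded only
# when the environment is development, unless an operator explicitly overrides it.
def console_enabled?(rails_env, development_only: true)
  return true unless development_only
  rails_env == "development"
end

# Returns the subset of sample client addresses that the allowlist would admit.
def console_exposed_to(allowlist, sample_ips)
  perms = ConsolePermissions.new(allowlist)
  sample_ips.select { |ip| perms.allowed?(ip) }
end

# Constructed sample client addresses: loopback, internal, and a public one.
SAMPLE_IPS = ["127.0.0.1", "10.1.2.3", "203.0.113.9"].freeze

if __FILE__ == $0
  puts "weak allowlist admits: #{console_exposed_to(WEAK_ALLOWLIST, SAMPLE_IPS).inspect}"
  puts "safe allowlist admits: #{console_exposed_to(SAFE_ALLOWLIST, SAMPLE_IPS).inspect}"
  puts "console in production, default guard: #{console_enabled?('production')}"
end
```

Running the script shows the weak list admitting every sample address, including the public one, while the corrected list admits only loopback and the internal range; the `console_enabled?` helper makes the point that an allowlist is a second line of defence and the console should not be loaded outside development at all.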

See Also

https://github.com/BetterErrors/better_errors

https://github.com/rails/web-console

Plugin Details

Severity: Critical

ID: 113342

Type: remote

Published: 9/6/2022

Updated: 9/6/2022

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: Tenable
