Executive Summary
Summary | |
---|---|
Title | OpenID library for Ruby: Server Side Request Forgery |
Informations | |||
---|---|---|---|
Name | GLSA-202003-09 | First vendor Publication | 2020-03-14 |
Vendor | Gentoo | Last vendor Modification | 2020-03-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis A vulnerability in OpenID library for Ruby at worst might allow an attacker to bypass authentication. Background Description Impact In addition, if the client that uses this library discloses connection errors, this in turn could disclose information from the private server to the attacker. Workaround Resolution References Availability https://security.gentoo.org/glsa/202003-09 |
Original Source
Url : http://security.gentoo.org/glsa/glsa-202003-09.xml |
Alert History
Date | Informations |
---|---|
2020-03-14 17:18:25 |
|