CVE-2024-32978

EPSS 0.13%
Veröffentlicht 27.05.2024 16:15:08
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Kaminari Insecure File Permissions Vulnerability

Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. Users of affected versions are advised to update to Kaminari version 0.16.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, review and adjust the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerkaminari_project

≫

Produkt kaminari

Default Statusaffected

Version 0.15.0

Status affected

Version 0.15.1

Status affected

Version 0.16.0

Status affected

Version 0.16.1

Status affected

Version 0.16.2

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.327

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.6	0.7	5.9	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/kaminari/kaminari/security/advisories/GHSA-7r3j-qmr4-jfpj

https://nvd.nist.gov/vuln/detail/CVE-2024-32978

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32978

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32978

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-32978