CVE-2015-10083

A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?id.221503	Third Party Advisory VDB Entry
https://github.com/harrystech/dynosaur-rails/pull/11	Patch
https://github.com/harrystech/dynosaur-rails/commit/04b223813f0e336aab50bff140d0f5889c31dbec	Patch
https://vuldb.com/?ctiid.221503	Permissions Required Press/Media Coverage Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:harrys:dynosaur-rails:*:*:*:*:*:*:*:*

Information

Published : 2023-02-21 07:15

Updated : 2023-03-02 08:16

NVD link : CVE-2015-10083

Mitre link : CVE-2015-10083

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

harrys

dynosaur-rails

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://vuldb.com/?id.221503", "name": "https://vuldb.com/?id.221503", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://github.com/harrystech/dynosaur-rails/pull/11", "name": "https://github.com/harrystech/dynosaur-rails/pull/11", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://github.com/harrystech/dynosaur-rails/commit/04b223813f0e336aab50bff140d0f5889c31dbec", "name": "https://github.com/harrystech/dynosaur-rails/commit/04b223813f0e336aab50bff140d0f5889c31dbec", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.221503", "name": "https://vuldb.com/?ctiid.221503", "tags": ["Permissions Required", "Press/Media Coverage", "Third Party Advisory", "VDB Entry"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-10083", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2023-02-21T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:harrys:dynosaur-rails:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2015-09-15"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-02T16:16Z"}