CVE-2018-16476

Published: Nov 30, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.

Vendor: n/a

Product: https://github.com/rails/rails

Versions:

affected: 4.2.0 up to and before 4.2.11
affected: 4.2.0 up to and before 5.0.7.1
affected: 4.2.0 up to and before 5.1.6.1
affected: 4.2.0 up to and before 5.2.1.1

Weaknesses (CWE)
