travel-support-program vulnerable to data exfiltration via Ransack query injection
CVE-2022-46163

7.5HIGH

Key Information:

Vendor

Opensuse
Status
Travel-support-program
Vendor
CVE Published:
10 January 2023

What is CVE-2022-46163?

The Travel Support Program, a Rails application by openSUSE, is susceptible to a Ransack query injection that allows malicious actors to exfiltrate sensitive user information, including bank account details and password hashes. The vulnerability arises from the use of the default Ransack configuration, which permits query conditions based on associated database properties. By crafting specific search parameters such as *_start, *_end, or *_cont, an attacker can leverage character-by-character brute-force techniques to retrieve sensitive data. Extracting a bank account number can be accomplished with fewer than 200 requests, while obtaining a password hash may require around 1200 requests, all within a short timeframe. The issue has been addressed in a specific patch that users are encouraged to apply.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

travel-support-program < d22916275c51500b4004933ff1b0a69bc807b2b7

References

https://github.com/openSUSE/travel-support-program/securi...
x_refsource_CONFIRM
https://github.com/openSUSE/travel-support-program/pull/158
x_refsource_MISC
https://github.com/openSUSE/travel-support-program/commit...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.