File Permission Vulnerability in ActiveSupport for Ruby on Rails
CVE-2023-38037
Currently unrated
What is CVE-2023-38037?
A vulnerability in ActiveSupport::EncryptedFile causes the temporary files it creates to take their permissions from the user's umask settings. This can permit unauthorized users on the same system to access the encrypted file's contents while a user is editing it. Attackers with filesystem access may exploit this flaw to read sensitive data. Users are urged to upgrade to the latest version or implement available workarounds to mitigate the risk.
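The umask behaviour described above, shown as an added Ruby example that is not ActiveSupport's own code: it creates a file under different umask values and reports whether other users get the read bit, next to the same file created with an explicit 0600 mode. The file name, contents and helper names (`mode_under_umask`, `readable_by_others?`, `with_umask`) are constructed for illustration.

```ruby
require "tmpdir"

# Create a file requesting `perm` (0666 is the default for a plain open) under
# the given umask and return the permission bits the kernel actually applied.
def mode_under_umask(mask, perm: 0o666)
  previous = File.umask(mask)            # process-wide; restored in ensure
  Dir.mktmpdir("umask-demo") do |dir|    # scratch dir, removed afterwards
    path = File.join(dir, "secrets.tmp") # constructed file name
    File.open(path, File::WRONLY | File::CREAT | File::EXCL, perm) do |f|
      f.write("constructed plaintext")
    end
    File.stat(path).mode & 0o777
  end
ensure
  File.umask(previous) if previous
end

# True when group or other users hold the read bit.
def readable_by_others?(mode)
  (mode & 0o044) != 0
end

# Run a block under a restrictive umask, then restore the previous one.
def with_umask(mask)
  previous = File.umask(mask)
  yield
ensure
  File.umask(previous) if previous
end

if __FILE__ == $PROGRAM_NAME
  cases = {
    "umask 022, default perm" => mode_under_umask(0o022),
    "umask 077, default perm" => mode_under_umask(0o077),
    "umask 022, perm 0600"    => mode_under_umask(0o022, perm: 0o600),
  }
  cases.each do |label, mode|
    puts format("%-26s -> %04o readable by others: %s", label, mode, readable_by_others?(mode))
  end
end
```

A file created with the default mode is only as private as the umask in force at that moment, while an explicit 0600 stays owner-only under any umask.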

Affected Version(s)
ActiveSupport >= 5.2.0 < 5.2.0
ActiveSupport 5.2.0
ActiveSupport 7.0.7.1, 6.1.7.5
