CVE-2017-18076 — Vulnetix

CVE-2017-18076 PUBLISHED

In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.

EPSS 0.44% · 63.5th percentile

Risk Scores

EPSS Score

0.44%

63.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	ruby-omniauth	0, 1.2.2-3, 1.3.1-1

Exploit Intelligence

https://github.com/omniauth/omniauth/pull/867 (circl)
DSA-4109 (circl)
https://bugs.debian.org/888523 (circl)
https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b (circl)

Timeline

Jan 26, 2018 CVE Published
Oct 3, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
May 2, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Jan 8, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-18076 third-party-advisory
https://github.com/omniauth/omniauth/pull/867 third-party-advisory
https://bugs.debian.org/888523 third-party-advisory
https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-18076 third-party-advisory

Open in Interactive Console →