Risk Scores
CVSS v3.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.37%
58.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruby on Rails | N/A | |
| debian | debian_linux | 11.0, 10.0 |
| rails | rails | >= 5.0.0, < 5.2.6.1, >= 7.0.0.0, < 7.0.2.1, >= 6.1.0.0, < 6.1.4.5 |
| rubyonrails | rails | 6.1.0, 7.0.0, 5.0.0 |
| RubyGems | actionpack | 5.0.0.0, 7.0.0.0, 6.0.0.0 |
Timeline
- Feb 11, 2022 CVE Published
- Feb 12, 2022 EPSS Score
- Feb 12, 2022 PoC Published
- Apr 5, 2022 EPSS Score
- Jul 18, 2022 EPSS Score
- Sep 8, 2022 EPSS Score
- Oct 30, 2022 EPSS Score
- Dec 20, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9 url
- https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da url
- [oss-security] 20220211 [CVE-2022-23633] Possible exposure of information vulnerability in Action Pack mailing-list
- [debian-lts-announce] 20220903 [SECURITY] [DLA 3093-1] rails security update mailing-list
- DSA-5372 vendor-advisory
- https://security.netapp.com/advisory/ntap-20240119-0013/ url
- https://groups.google.com/g/rubyonrails-security/c/zlI-qMMwZvQ advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-23633 advisory
- https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016 url
- https://github.com/rails/rails package
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml url
- https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ url
- https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released url