openSUSE-SU-2020:2000-1
PUBLISHED
CVSS 7.5 HIGH
Security update for rmt-server
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| rmt | | |
| openSUSE Leap 15.1 | | |
Exploit Intelligence
- AnasTaoutaou/CVE-2019-5420 (github-poc-repo)
- Eremiel/CVE-2019-5420 (github-poc-repo)
- CVE-2019-5418 - File Content Disclosure on Ruby on Rails (github-poc-repo)
- A vulnerability can allow an attacker to guess the automatically generated development mode secret token. (github-poc-repo)
- mmeza-developer/CVE-2019-5420-RCE (github-poc-repo)
- POC Exploit written in Ruby (github-poc-repo)
- Exploit for the Rails CVE-2019-5420 (github-poc-repo)
- Exploit in Rails Development Mode. With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. (github-poc-repo)
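- Ruby deserialization command execution vulnerability (CVE-2019-5420), vulfocus walkthrough edition (github-poc-repo)
- Ruby on Rails is a web application framework, a relatively new web application framework built on the Ruby language. This vulnerability arises mainly because Ruby on Rails uses render file with a specified parameter to render views outside the application; by modifying the request packet sent to a controller, we can use "…/…/…/…/" to achieve path traversal, and then use "{{" to close the template lookup path, so that the file to be accessed is parsed as an external template. (github-poc-repo)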
…and 94 more exploits
Timeline
- Nov 23, 2020 CVE Published
- Apr 2, 2026 Security Advisory
References
- https://www.suse.com/support/security/rating/ url
- https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2000-1.json advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7MCDUWQEXA3XGI7X2XPATA7YTNVDYTSF/ advisory
- https://bugzilla.suse.com/1172177 advisory
- https://bugzilla.suse.com/1172182 advisory
- https://bugzilla.suse.com/1172184 advisory
- https://bugzilla.suse.com/1172186 advisory
- https://bugzilla.suse.com/1173351 advisory
- https://www.suse.com/security/cve/CVE-2019-16770/ advisory
- https://www.suse.com/security/cve/CVE-2019-5418/ advisory
- https://www.suse.com/security/cve/CVE-2019-5419/ advisory
- https://www.suse.com/security/cve/CVE-2019-5420/ advisory
- https://www.suse.com/security/cve/CVE-2020-11076/ advisory
- https://www.suse.com/security/cve/CVE-2020-11077/ advisory
- https://www.suse.com/security/cve/CVE-2020-15169/ advisory
- https://www.suse.com/security/cve/CVE-2020-5247/ advisory
- https://www.suse.com/security/cve/CVE-2020-5249/ advisory
- https://www.suse.com/security/cve/CVE-2020-5267/ advisory
- https://www.suse.com/security/cve/CVE-2020-8164/ advisory
- https://www.suse.com/security/cve/CVE-2020-8165/ advisory
…and 4 more