CVE-2018-16477: Infoleak
First published: Fri Nov 30 2018(Updated: )
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rubyonrails Rails | >=5.2.0<5.2.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-16477?
CVE-2018-16477 is a bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services.
How can an attacker exploit CVE-2018-16477?
An attacker can exploit CVE-2018-16477 by modifying the 'content-disposition' and 'content-type' parameters in HTML files to execute them inline.
What can an attacker achieve by exploiting CVE-2018-16477?
By exploiting CVE-2018-16477, an attacker can execute malicious code inline within HTML files.
What versions of Active Storage are affected?
Active Storage versions 5.2.0 to 5.2.1.1 are affected by CVE-2018-16477.
Are there any recommended fixes for CVE-2018-16477?
Yes, it is recommended to update Active Storage to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/tags
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/rubyonrails
- canonical/rubyonrails rails
- version/rubyonrails rails/5.2.0