CVE-2017-0904 - OpenCVE

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Private Address Check Project	Private Address Check

Configuration 1 [-]

cpe:2.3:a:private_address_check_project:private_address_check:*:*:*:*:*:ruby:*:*

References

Link	Resource
https://edoverflow.com/2017/ruby-resolv-bug/	Issue Tracking Third Party Advisory
https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af	Third Party Advisory
https://github.com/jtdowney/private_address_check/issues/1	Issue Tracking Third Party Advisory
https://hackerone.com/reports/287245	Issue Tracking Mitigation Patch Third Party Advisory
https://hackerone.com/reports/287835	Permissions Required Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2017-11-05T00:00:00

Updated: 2017-11-13T16:57:01

Reserved: 2016-11-30T00:00:00

Link: CVE-2017-0904

JSON object: View

NVD Information

Status : Modified

Published: 2017-11-13T17:29:00.347

Modified: 2019-10-09T23:21:10.900

Link: CVE-2017-0904

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "private_address_check ruby gem", "vendor": "jtdowney", "versions": [{"status": "affected", "version": "Versions before 0.4.0"}]}], "datePublic": "2017-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-242", "description": "Use of Inherently Dangerous Function (CWE-242)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-11-13T16:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/287245"}, {"tags": ["x_refsource_MISC"], "url": "https://edoverflow.com/2017/ruby-resolv-bug/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jtdowney/private_address_check/issues/1"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/287835"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2017-11-05T00:00:00", "ID": "CVE-2017-0904", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "private_address_check ruby gem", "version": {"version_data": [{"version_value": "Versions before 0.4.0"}]}}]}, "vendor_name": "jtdowney"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use of Inherently Dangerous Function (CWE-242)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/287245", "refsource": "MISC", "url": "https://hackerone.com/reports/287245"}, {"name": "https://edoverflow.com/2017/ruby-resolv-bug/", "refsource": "MISC", "url": "https://edoverflow.com/2017/ruby-resolv-bug/"}, {"name": "https://github.com/jtdowney/private_address_check/issues/1", "refsource": "CONFIRM", "url": "https://github.com/jtdowney/private_address_check/issues/1"}, {"name": "https://hackerone.com/reports/287835", "refsource": "MISC", "url": "https://hackerone.com/reports/287835"}, {"name": "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af", "refsource": "CONFIRM", "url": "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2017-0904", "datePublished": "2017-11-05T00:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2017-11-13T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:private_address_check_project:private_address_check:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "0201F942-329A-43A4-B384-8A3257C7D6F9", "versionEndExcluding": "0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery."}, {"lang": "es", "value": "La gema de Ruby private_address_check en versiones anteriores a la 0.4.0 es vulnerable a una omisi\u00f3n debido al uso del m\u00e9todo de Ruby Resolv.getaddresses, que depende del sistema operativo y del que no se deber\u00eda depender para aplicar medidas de seguridad, como cuando se emplea para bloquear direcciones de red privadas para evitar Server-Side Rrequest Forgery."}], "id": "CVE-2017-0904", "lastModified": "2019-10-09T23:21:10.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-13T17:29:00.347", "references": [{"source": "support@hackerone.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://edoverflow.com/2017/ruby-resolv-bug/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/jtdowney/private_address_check/issues/1"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://hackerone.com/reports/287245"}, {"source": "support@hackerone.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/287835"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-242"}], "source": "support@hackerone.com", "type": "Secondary"}]}