PT-2019-14515 · Plataformatec · Devise
Publicado
2019-09-08
·
Atualizado
2020-08-24
·
CVE-2019-16109
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Plataformatec Devise versions prior to 4.7.1
Description
An issue was discovered that confirms accounts upon receiving a request with a blank
confirmation token, if a database record has a blank value in the confirmation token column. However, there is no scenario within the software itself in which such database records would exist.Recommendations
For versions prior to 4.7.1, update to version 4.7.1 or later to resolve the issue.
Exploit
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Devise