CVE Vulnerabilities

CVE-2019-11027

Published: Jun 10, 2019 | Modified: Jun 14, 2019
CVSS 3.x: 9.8 CRITICAL
Source: NVD
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x: 10 HIGH
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

RedHat/V2

RedHat/V3: 5.9 MODERATE
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Ubuntu: MEDIUM

Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the example app provided by the project are at highest risk.

Affected Software

Name         Vendor   Start Version   End Version
Ruby-openid  Openid   *               2.8.0 (including)
Ruby-openid  Ubuntu   bionic          *
Ruby-openid  Ubuntu   trusty          *
Ruby-openid  Ubuntu   upstream        *
Ruby-openid  Ubuntu   xenial          *

References