Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2023-38037

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

rubygem-activesupport: File Disclosure of Locally Encrypted Files

Mitigation

To work around this issue, users can set their umask to be more restrictive: $ umask 0077

Affected Software List

Name Vendor Version
Red Hat Satellite 6.15 for RHEL 8 RedHat rubygem-activesupport-0:6.1.7.6-1.el8sat
Red Hat Satellite 6.15 for RHEL 8 RedHat rubygem-activesupport-0:6.1.7.6-1.el8sat
RHOL-5.7-RHEL-8 RedHat openshift-logging/fluentd-rhel8:v1.14.6-203
RHOL-5.8-RHEL-9 RedHat openshift-logging/fluentd-rhel9:v5.8.1-9

Ubuntu

[Active Support Possibly Discloses Locally Encrypted Files]

Affected Software List

Name Vendor Version
Rails Ubuntu/bionic end of standard support
Rails Ubuntu/lunar end of life, was needs-triage
Rails Ubuntu/upstream TBD
Rails Ubuntu/esm-apps/bionic TBD
Rails Ubuntu/focal TBD
Rails Ubuntu/trusty end of standard support
Rails Ubuntu/esm-apps/xenial TBD
Rails Ubuntu/jammy TBD
Rails Ubuntu/mantic end of life, was needs-triage
Rails Ubuntu/esm-apps/noble TBD
Rails Ubuntu/noble TBD
Rails Ubuntu/xenial end of standard support
Rails Ubuntu/devel TBD
Rails Ubuntu/esm-apps/focal TBD
Rails Ubuntu/esm-apps/jammy TBD
Rails-4.0 Ubuntu/upstream TBD
Rails-4.0 Ubuntu/trusty end of standard support
Ruby-actionpack-3.2 Ubuntu/trusty end of standard support
Ruby-actionpack-3.2 Ubuntu/upstream TBD
Ruby-activemodel-3.2 Ubuntu/upstream TBD
Ruby-activemodel-3.2 Ubuntu/trusty end of standard support
Ruby-activerecord-3.2 Ubuntu/upstream TBD
Ruby-activerecord-3.2 Ubuntu/trusty end of standard support
Ruby-activesupport-3.2 Ubuntu/trusty end of standard support
Ruby-activesupport-3.2 Ubuntu/upstream TBD
Ruby-rails-3.2 Ubuntu/trusty end of standard support
Ruby-rails-3.2 Ubuntu/upstream TBD
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use