Cross-site request forgery (CSRF) vulnerability in administrate gem
Published: April 01, 2016
SECURITY IDENTIFIERS
- CVE: CVE-2016-3098 (NVD)
- GHSA: GHSA-cc8c-26rj-v2vx
- Vendor Advisory: http://seclists.org/oss-sec/2016/q2/0
GEM
SEVERITY
CVSS v3.x: 5.4 (Medium)
PATCHED VERSIONS
>= 0.1.5
DESCRIPTION
"Administrate::ApplicationController actions didn't have CSRF protection.
Remote attackers can hijack users' sessions and use any functionality that administrate
exposes on their behalf."
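
A check for whether an application resolves a release below the patched range listed above, by reading its Gemfile.lock. This is an added example, not part of the advisory or of the administrate project; the function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Patched range taken from this advisory (CVE-2016-3098).
PATCHED = Gem::Requirement.new(">= 0.1.5")

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      administrate (0.1.4)
        rails (~> 4.2)
      rails (4.2.6)

  DEPENDENCIES
    administrate
LOCK

# Return the resolved administrate version from Gemfile.lock text, or nil.
# Resolved specs are indented four spaces under a "specs:" line; dependency
# constraints (six spaces) and the DEPENDENCIES section are ignored.
def locked_administrate_version(lock_text)
  in_specs = false
  lock_text.each_line do |line|
    line = line.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # a blank line or a new top-level section ends the specs
    elsif in_specs && (m = line.match(/\A    administrate \(([^)\s]+)\)\z/))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# Hypothetical helper: :not_present, :vulnerable or :patched for a lockfile.
def administrate_csrf_status(lock_text)
  version = locked_administrate_version(lock_text)
  return :not_present if version.nil?
  PATCHED.satisfied_by?(version) ? :patched : :vulnerable
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "administrate: #{administrate_csrf_status(text)}"
end
```

Pass a path to a real Gemfile.lock as the first argument to check a project; with no argument it reports on the constructed sample.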
