CVE-2017-18076: High severity omniauth vulnerability
Published Jan 26, 2018
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
Affected Software
5 affected components (fixes available)
rubygems/omniauth <1.3.2 (fixed in 1.3.2)
debian/ruby-omniauth (fixed in 1.8.1-1, 1.9.1-1, 2.1.1-1)
OmniAuth OmniAuth Ruby <1.3.2
Debian Debian Linux =8.0
Debian Debian Linux =9.0
Remediation
Patch Available
Event History
Jan 26, 2018
06:03 PM: Data Sourced (Severity, Affected Software)
07:00 PM: CVE Published (via MITRE)
07:00 PM: Data Sourced via MITRE (Description)
Jan 29, 2018
03:45 PM: Advisory Published
Frequently Asked Questions
1. What is the severity of CVE-2017-18076?
CVE-2017-18076 has been rated as a moderate severity vulnerability.
2. How do I fix CVE-2017-18076?
To fix CVE-2017-18076, upgrade OmniAuth to version 1.3.2 or higher.
3. What software packages are affected by CVE-2017-18076?
CVE-2017-18076 affects OmniAuth versions prior to 1.3.2 and specific Debian package versions including ruby-omniauth.
4. What is the exploit mechanism for CVE-2017-18076?
CVE-2017-18076 allows a potential attacker to access the authenticity_token value through improperly stored session variables.
5. Is there a known workaround for CVE-2017-18076 if I cannot upgrade?
There is no documented workaround for CVE-2017-18076, so upgrading is the recommended approach.