Miggo Logo

CVE-2016-3693: safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method

8.1

CVSS Score
3.0

Basic Information

EPSS Score
0.71792%
Published
10/24/2017
Updated
9/5/2023
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
safemoderubygems< 1.2.41.2.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from Safemode's Blankslate class explicitly allowing the 'inspect' method in both instance and class method whitelists. The commit diff shows 'inspect' was removed from both @@allow_instance_methods and @@allow_class_methods arrays in lib/safemode/blankslate.rb. Since Safemode delegates to Rails controllers, calling 'inspect' on these objects would leak sensitive application state. The patch directly addresses this by removing 'inspect' from allowed methods, confirming these were the vulnerable functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** S***mo** **m ***or* *.*.* *or Ru*y, w**n initi*liz** wit* * **l***t* o*j**t t**t is * R*ils *ontroll*r, *llows *ont*xt-**p*n**nt *tt**k*rs to o*t*in s*nsitiv* in*orm*tion vi* t** insp**t m*t*o*.

Reasoning

T** vuln*r**ility st*ms *rom S***mo**'s *l*nksl*t* *l*ss *xpli*itly *llowin* t** 'insp**t' m*t*o* in *ot* inst*n** *n* *l*ss m*t*o* w*it*lists. T** *ommit *i** s*ows 'insp**t' w*s r*mov** *rom *ot* @@*llow_inst*n**_m*t*o*s *n* @@*llow_*l*ss_m*t*o*s *