
CVE-2020-15237: Possible timing attack in derivation_endpoint

CVSS Score: 5.9 (CVSS 3.1)

Basic Information

EPSS Score: 0.54157%
Published: 10/5/2020
Updated: 5/16/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name: shrine
Ecosystem: rubygems
Vulnerable Versions: < 3.3.0
First Patched Version: 3.3.0

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from an insecure string comparison in signature verification. The original implementation used `signature != generate_signature(string)`, a comparison that returns as soon as the first differing byte is found and therefore runs in variable time. The patch replaced it with Rack::Utils.secure_compare, confirming this comparison as the vulnerable point. The commit diff, CWE-208 (Timing Discrepancy), and the advisory all directly reference this function as the attack surface.
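As an added illustration (not code from the Shrine project or from the Miggo analysis), the vulnerable `!=` check is shown beside a constant-time replacement written in the style of Rack::Utils.secure_compare. The HMAC-SHA256 signing routine, the secret key and the derivation URL string are constructed stand-ins for the plugin's generate_signature and its inputs.

```ruby
require 'openssl'

# Constructed demo secret; not a value from Shrine or the advisory.
SECRET_KEY = 'constructed-demo-secret'.freeze

# Stand-in for the plugin's generate_signature: HMAC-SHA256 hex digest over the
# derivation URL string (the real plugin's exact signing input is not shown here).
def generate_signature(string, secret = SECRET_KEY)
  OpenSSL::HMAC.hexdigest('SHA256', secret, string)
end

# Vulnerable shape (CWE-208): String#!= stops at the first differing byte, so the
# time taken depends on how many leading bytes of the supplied signature match.
def vulnerable_signature_valid?(string, signature)
  return false if signature != generate_signature(string)
  true
end

# Constant-time comparison in the style of Rack::Utils.secure_compare: reject on
# length mismatch, then OR-accumulate the XOR of every byte pair and decide only
# at the end, so the work done does not depend on where the first mismatch is.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  acc = 0
  a.bytes.zip(b.bytes) { |x, y| acc |= x ^ y }
  acc.zero?
end

# Hardened shape, matching the fix in shrine 3.3.0 (which uses
# Rack::Utils.secure_compare; the helper above is a local equivalent).
def hardened_signature_valid?(string, signature)
  constant_time_equal?(signature, generate_signature(string))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed derivation URL; the path layout is illustrative only.
  url = '/derivations/thumbnail/600/400/constructed-file-id?expires_at=1700000000'
  sig = generate_signature(url)
  puts "genuine signature accepted:  #{hardened_signature_valid?(url, sig)}"
  puts "tampered URL rejected:       #{!hardened_signature_valid?(url.sub('600', '601'), sig)}"
  puts "wrong-length guess rejected: #{!hardened_signature_valid?(url, 'abc')}"
end
```

Both predicates accept and reject the same inputs; the difference the fix addresses is only in how long the rejection takes.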

### Impact

When using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL.

### Patches

The problem has been fixed by comparing sent and calculated signature in consta
