6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-8185

GHSA ID

GHSA-c6qr-h5vq-59jc

EPSS Score

0.76766%

CWE

CWE-400

Published

6/24/2020

Updated

7/5/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-8185

CVE-2020-8185: Untrusted users can run pending migrations in production in Rails

There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

This vulnerability has been assigned the CVE identifier CVE-2020-8185.

Versions Affected: 6.0.0 < rails < 6.0.3.2 Not affected: Applications with config.action_dispatch.show_exceptions = false (this is not a default setting in production) Fixed Versions: rails >= 6.0.3.2

Impact

Using this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. It is important to note that an attacker is limited to running migrations the application developer has already defined in their application and ones that have not already run.

Workarounds

Until such time as the patch can be applied, application developers should disable the ActionDispatch middleware in their production environment via a line such as this one in their config/environment/production.rb:

config.middleware.delete ActionDispatch::ActionableExceptions

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-8185

GHSA ID

GHSA-c6qr-h5vq-59jc

EPSS Score

0.76766%

CWE

CWE-400

Published

6/24/2020

Updated

7/5/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
actionpack	rubygems	>= 6.0.0, <= 6.0.3.1	6.0.3.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the ActionableExceptions middleware's flawed authorization check. The commit 2121b9d shows the fix changed the conditional from request.show_exceptions? to check show_detailed_exceptions header. This incorrect configuration check allowed attackers to trigger migrations via the actionable exceptions endpoint when show_exceptions was enabled (production default). The middleware's presence and flawed validation logic directly enabled the exploit.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T**r* is * vuln*r**ility in v*rsions o* R*ils prior to *.*.*.* t**t *llow** *n untrust** us*r to run *ny p*n*in* mi*r*tions on * R*ils *pp runnin* in pro*u*tion. T*is vuln*r**ility **s ***n *ssi*n** t** *V* i**nti*i*r *V*-****-****. V*rsions *****t

Reasoning

T** vuln*r**ility st*ms *rom t** **tion**l**x**ptions mi**l*w*r*'s *l*w** *ut*oriz*tion ****k. T** *ommit ******* s*ows t** *ix ***n*** t** *on*ition*l *rom `r*qu*st.s*ow_*x**ptions?` to ****k `s*ow_**t*il**_*x**ptions` *****r. T*is in*orr**t *on*i*u

6.5

Basic Information

Concerned about an active attack path?

CVE-2020-8185: Untrusted users can run pending migrations in production in Rails

Impact

Workarounds

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI