6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22797

GHSA ID

GHSA-9445-4cr6-336r

EPSS Score

0.31929%

CWE

CWE-601

Published

1/18/2023

Updated

6/27/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-22797

CVE-2023-22797: Open Redirect Vulnerability in Action Pack

There is a vulnerability in Action Controller’s redirect_to. This vulnerability has been assigned the CVE identifier CVE-2023-22797.

Versions Affected: >= 7.0.0 Not affected: < 7.0.0 Fixed Versions: 7.0.4.1 Impact

There is a possible open redirect when using the redirect_to helper with untrusted user input.

Vulnerable code will look like this:

redirect_to(params[:some_param])

Rails 7.0 introduced protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could be bypassed by a carefully crafted URL.

All users running an affected release should either upgrade or use one of the workarounds immediately. Releases

The FIXED releases are available at the normal locations. Workarounds

There are no feasible workarounds for this issue. Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

7-0-Fix-sec-issue-with-_url_host_allowed.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22797

GHSA ID

GHSA-9445-4cr6-336r

EPSS Score

0.31929%

CWE

CWE-601

Published

1/18/2023

Updated

6/27/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
actionpack	rubygems	>= 7.0.0, < 7.0.4.1	7.0.4.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in the URL host validation check implemented in Rails 7.0's redirect_to protection. The patch name ('Fix-sec-issue-with-_url_host_allowed.patch') and release notes explicitly reference fixes to _url_host_allowed? as the root cause. This method was responsible for validating redirect targets but contained bypassable checks, making it the clear vulnerable function. The vulnerability manifests when this method fails to properly validate crafted URLs passed to redirect_to with user input.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T**r* is * vuln*r**ility in **tion *ontroll*r’s r**ir**t_to. T*is vuln*r**ility **s ***n *ssi*n** t** *V* i**nti*i*r *V*-****-*****. V*rsions *****t**: >= *.*.* Not *****t**: < *.*.* *ix** V*rsions: *.*.*.* Imp**t T**r* is * possi*l* op*n r**ir**t

Reasoning

T** vuln*r**ility *xists in t** URL *ost v*li**tion ****k impl*m*nt** in R*ils *.*'s r**ir**t_to prot**tion. T** p*t** n*m* ('*ix-s**-issu*-wit*-_url_*ost_*llow**.p*t**') *n* r*l**s* not*s *xpli*itly r***r*n** *ix*s to _url_*ost_*llow**? *s t** root

6.1

Basic Information

Concerned about an active attack path?

CVE-2023-22797: Open Redirect Vulnerability in Action Pack

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI