Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-36563: Vuln/Railsinstaller-Vuln.md at main · ycdxsb/Vuln

Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

CVE
#auth#ruby

Incorrect default permission of RailsInstaller dir****Basic Info

Description:The default install dir of RailsInstaller is C:\RailsInstaller, howerver, the permission of C:\RailsInstaller is inherited from C:, so all Users in Authenticated Users group have write permission of C:\RailsInstaller and files in it.

Vuln Type: CWE-276

Vuln influence: arbitrary code execution

Download:https://railsinstaller.org/

Vuln Version: 3.4.0 and below

Vuln Analyse

The default install dir of RailsInstaller is C:\RailsInstaller

howerver, the permission of C:\RailsInstaller is inherited from C:.

All Users in Authenticated Users group have write permission of C:\RailsInstaller and files in it.

So an attacker with low privilege can hijack binary like ruby.exe to execute arbitrary code when administrator or other users use ruby installed by RailsInstaller

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907