Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-45301: Vuln/ruby-weak-permission-vuln.md at main · ycdxsb/Vuln

Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.

CVE
#web#windows#auth#ruby

Incorrect default permission of ruby if installed by chocolatey****Basic Info

Description:If we use chocolaty to install ruby in windows System.The default install dir of ruby is C:\tools\ruby31, howerver, the permission of C:\tools\ruby31 is inherited from C:, so all Users in Authenticated Users group have write permission of path C:\tools\ruby31 and files in it.

Vuln Type: CWE-276

Website: https://community.chocolatey.org/packages/ruby

Install Command : choco install ruby --version=3.1.2.1

Vuln Version: ruby 3.1.2.1 and below

Vuln Analyse

  • Use chocolatey to install ruby in Windows system

  • We can see that All Users in Authenticated Users group have write permission of C:\tools\ruby31 and files in it.

So an attacker with low privilege can hijack binary likeC:\tools\ruby31\ruby.exe to execute arbitrary code when administrator or other users use ruby installed by chocolatey.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907