{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28362", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2023-03-15T01:00:13.221Z", "datePublished": "2025-01-09T00:33:47.730Z", "dateUpdated": "2025-01-09T21:28:00.488Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Rails", "product": "Action Pack", "versions": [{"version": "7.0.5.1", "status": "affected", "lessThan": "7.0.5.1", "versionType": "custom"}, {"version": "6.1.7.4", "status": "affected", "lessThan": "6.1.7.4", "versionType": "custom"}]}], "references": [{"url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132"}, {"url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf"}, {"url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441"}, {"url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-01-09T00:33:47.730Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-116", "lang": "en", "description": "CWE-116 Improper Encoding or Escaping of Output"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-09T21:26:42.827377Z", "id": "CVE-2023-28362", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-09T21:28:00.488Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-28362", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-09T21:26:42.827377Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-09T21:27:49.728Z"}}], "cna": {"affected": [{"vendor": "Rails", "product": "Action Pack", "versions": [{"status": "affected", "version": "7.0.5.1", "lessThan": "7.0.5.1", "versionType": "custom"}, {"status": "affected", "version": "6.1.7.4", "lessThan": "6.1.7.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132"}, {"url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf"}, {"url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441"}, {"url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5"}], "descriptions": [{"lang": "en", "value": "The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-01-09T00:33:47.730Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28362", "state": "PUBLISHED", "dateUpdated": "2025-01-09T21:28:00.488Z", "dateReserved": "2023-03-15T01:00:13.221Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2025-01-09T00:33:47.730Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header."}, {"lang": "es", "value": "El m\u00e9todo redirect_to method in Rails permite que los valores proporcionados contengan caracteres que no son legales en un valor de encabezado HTTP. Esto genera la posibilidad de que los servicios posteriores que aplican el cumplimiento de RFC en los encabezados de respuesta HTTP eliminen el encabezado de ubicaci\u00f3n asignado."}], "id": "CVE-2023-28362", "lastModified": "2025-01-09T22:15:26.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-09T01:15:07.750", "references": [{"source": "support@hackerone.com", "url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132"}, {"source": "support@hackerone.com", "url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf"}, {"source": "support@hackerone.com", "url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441"}, {"source": "support@hackerone.com", "url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7851", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "package": "rubygem-actionpack-0:6.1.7.4-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2023-12-14T00:00:00Z"}], "bugzilla": {"description": "actionpack: Possible XSS via User Supplied Values to redirect_to", "id": "2217785", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.", "A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned location header."], "name": "CVE-2023-28362", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Will not fix", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-zync-container", "product_name": "Red Hat 3scale API Management Platform 2"}], "public_date": "2023-06-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-28362\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28362\nhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml"], "threat_severity": "Moderate", "upstream_fix": "rubygem-actionpack 6.1.7.4, rubygem-actionpack 7.0.5.1"}