Vulnerability Description
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Omniauth | Omniauth | < 1.3.2 |
| Debian | Debian Linux | 8.0 |
References
- https://bugs.debian.org/888523Issue TrackingThird Party Advisory
- https://github.com/omniauth/omniauth/pull/867PatchThird Party Advisory
- https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980cPatchThird Party Advisory
- https://www.debian.org/security/2018/dsa-4109Third Party Advisory
- https://bugs.debian.org/888523Issue TrackingThird Party Advisory
- https://github.com/omniauth/omniauth/pull/867PatchThird Party Advisory
- https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980cPatchThird Party Advisory
- https://www.debian.org/security/2018/dsa-4109Third Party Advisory
FAQ
What is CVE-2017-18076?
CVE-2017-18076 is a vulnerability with a CVSS score of 7.5 (HIGH). In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environ...
How severe is CVE-2017-18076?
CVE-2017-18076 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-18076?
Check the references section above for vendor advisories and patch information. Affected products include: Omniauth Omniauth, Debian Debian Linux.