CVE-2020-8166: Ability to forge per-form CSRF tokens in Rails
(updated )
It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.
Impact
Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.
Workarounds
This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.
References
- github.com/advisories/GHSA-jp5v-5gx4-jmj9
- github.com/rails/rails
- github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml
- groups.google.com/forum/
- groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
- hackerone.com/reports/732415
- nvd.nist.gov/vuln/detail/CVE-2020-8166
- www.debian.org/security/2020/dsa-4766
Code Behaviors & Features
Detect and mitigate CVE-2020-8166 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →