CVE-2017-0905 Information

Feb 14, 2021 cve

Description

The Recurly Client Ruby Library before 2.0.13 2.1.11 2.2.5 2.3.10 2.4.11 2.5.4 2.6.3 2.7.8 2.8.2 2.9.2 2.10.4 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the \Resourcefind\ method that could result in compromise of API keys or other critical resources.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://dev.recurly.com/page/ruby-updates https://dev.recurly.com/page/ruby-updates https://github.com/recurly/recurly-client-ruby/commit/1bb0284d6e668b8b3d31167790ed6db1f6ccc4be https://github.com/recurly/recurly-client-ruby/commit/1bb0284d6e668b8b3d31167790ed6db1f6ccc4be https://hackerone.com/reports/288635 The Recurly Client Ruby Library before 2.0.13 2.1.11 2.2.5 2.3.10 2.4.11 2.5.4 2.6.3 2.7.8 2.8.2 2.9.2 2.10.4 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the \Resourcefind
method that could result in compromise of API keys or other critical resources. cpe:2.3:a:recurly:recurly_client_ruby:2.0.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.2:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.3:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.4:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.5:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.6:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.7:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.8:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.9:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.10:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.11:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.0.12:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.0:c:::::: cpe:2.3:a:recurly:recurly_client_ruby:2.1.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.2:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.3:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.4:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.5:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.6:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.7:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.8:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.9:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.1.10:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.2.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.2.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.2.2:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.2.3:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.2.4:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.0:beta1:::::: cpe:2.3:a:recurly:recurly_client_ruby:2.3.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.2:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.3:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.4:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.5:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.6:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.7:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.8:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.3.9:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.2:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.3:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.4:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.5:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.6:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.7:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.8:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.9:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.4.10:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.5.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.5.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.5.2:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.5.3:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.6.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.6.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.6.2:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.7.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.7.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.7.2:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.7.3:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.7.4:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.7.5:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.7.6:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.7.7:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.8.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.8.0:rc1:::::: cpe:2.3:a:recurly:recurly_client_ruby:2.8.0:rc3:::::: cpe:2.3:a:recurly:recurly_client_ruby:2.8.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.9.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.9.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.10.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.10.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.10.2:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.10.3:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.11.0:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.11.1:::::::* cpe:2.3:a:recurly:recurly_client_ruby:2.11.2:::::::*

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: