CVE-2018-1000079
Published: 13 March 2018
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.
Notes
| Author | Note |
|---|---|
| tyhicks | ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
jruby Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Not vulnerable
(9.1.17.0-2)
|
|
| eoan |
Not vulnerable
(9.1.17.0-3)
|
|
| focal |
Not vulnerable
(9.1.17.0-3)
|
|
| groovy |
Not vulnerable
(9.1.17.0-3)
|
|
| hirsute |
Not vulnerable
(9.1.17.0-3)
|
|
| impish |
Not vulnerable
(9.1.17.0-3)
|
|
| lunar |
Not vulnerable
(9.1.17.0-3)
|
|
| mantic |
Not vulnerable
(9.1.17.0-3)
|
|
| noble |
Not vulnerable
(9.1.17.0-3)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
ruby1.9.1 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| noble |
Does not exist
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
ruby2.0 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| noble |
Does not exist
|
|
| trusty |
Released
(2.0.0.484-1ubuntu2.6)
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
ruby2.1 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| noble |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
ruby2.3 Launchpad, Ubuntu, Debian |
artful |
Released
(2.3.3-1ubuntu1.4)
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| noble |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.3.1-2~16.04.7)
|
|
|
ruby2.5 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Released
(2.5.1-1)
|
|
| cosmic |
Released
(2.5.1-1)
|
|
| disco |
Released
(2.5.1-1)
|
|
| eoan |
Released
(2.5.1-1)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| noble |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
References
- https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759
- https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
- https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
- https://ubuntu.com/security/notices/USN-3621-1
- https://www.cve.org/CVERecord?id=CVE-2018-1000079
- NVD
- Launchpad
- Debian