CVE-2024-39308

{"id": "CVE-2024-39308", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-07-08T15:15:22.080", "references": [{"url": "https://github.com/railsadminteam/rails_admin/commit/b5a287d82e2cbd1737a1a01e11ede2911cce7fef", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/railsadminteam/rails_admin/commit/d84b39884059c4ed50197cec8522cca029a17673", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/railsadminteam/rails_admin/issues/3686", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/railsadminteam/rails_admin/security/advisories/GHSA-8qgm-g2vv-vwvc", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://rubygems.org/gems/rails_admin/versions/2.3.0", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://rubygems.org/gems/rails_admin/versions/3.1.3", "tags": ["Patch"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released)."}, {"lang": "es", "value": "RailsAdmin es un motor Rails que proporciona una interfaz para gestionar datos. La vista de lista RailsAdmin tiene la vulnerabilidad XSS, causada por un atributo de t\u00edtulo HTML con escape incorrecto. Actualice a 3.1.3 o 2.2.2 (por publicarse)."}], "lastModified": "2024-08-22T14:22:34.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rails_admin_project:rails_admin:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "5835771A-4E7F-409A-939E-8442D2E9A5CE", "versionEndExcluding": "2.3.0"}, {"criteria": "cpe:2.3:a:rails_admin_project:rails_admin:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "516887D9-E69F-452C-B73F-7812CC6B4731", "versionEndExcluding": "3.1.3", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}