CVE-2019-16782: Possible Information Leak / Session Hijack Vulnerability in Rack
There is a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks that target the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme to speed up lookups of that session id. By carefully measuring how long a session lookup takes, an attacker may be able to find a valid session id and hijack the session.
The session id itself may be generated randomly, but the way the backing store indexes the session does not use a secure (constant-time) comparison.
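As an added illustration (not Rack's own code), the store below keys sessions by a SHA-256 hash of the id the client presents, so a lookup whose timing depends on the stored key bytes can only leak information about the hash, never about the id itself; it also includes a constant-time byte comparison for the places where a presented id must be checked directly. The class name and the 64-character hex ids are assumptions made for the example.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical session store (added example, not Rack's implementation).
# Weak form: @sessions[public_id] = data, i.e. the index is built over the
# secret value itself, so a timing-leaky lookup is a timing oracle on the id.
# Hardened form: index only over a hash of the public id.
class HashedSessionStore
  def initialize
    @sessions = {} # private_id (hash of the public id) => session data
  end

  # The store key never equals the value a client must present.
  def private_id_for(public_id)
    Digest::SHA256.hexdigest(public_id)
  end

  # Returns the public id that goes into the cookie; only its hash is stored.
  def create(data)
    public_id = SecureRandom.hex(32) # constructed: 64 hex chars, 256 bits
    @sessions[private_id_for(public_id)] = data
    public_id
  end

  # Lookup by public id; nil for a missing or malformed id.
  def find(public_id)
    return nil unless public_id.is_a?(String) && !public_id.empty?
    @sessions[private_id_for(public_id)]
  end

  # Constant-time comparison: XORs every byte pair and only checks the
  # accumulated difference at the end, so runtime does not depend on the
  # position of the first mismatching byte. Lengths are compared up front
  # because a length mismatch is not secret.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```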
References
- github.com/advisories/GHSA-hrqr-hxpp-chr3
- github.com/rack/rack
- github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
- github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
- nvd.nist.gov/vuln/detail/CVE-2019-16782