Bug 1213312 (CVE-2023-28362)

Summary: VUL-0: CVE-2023-28362: rubygem-actionpack-4_2,rubygem-actionpack-5_1: Possible XSS via User Supplied Values to redirect_to
Product: [Novell Products] SUSE Security Incidents
Reporter: Robert Frohl <rfrohl>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: pgajdos, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/372425/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-28362:6.5:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Robert Frohl 2023-07-14 07:48:17 UTC
CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.

ref: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28362
https://bugzilla.redhat.com/show_bug.cgi?id=2217785
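Added example, not part of the report and not Rails' or SUSE's code. It models the failure mode the description names: a redirect target carrying an octet that is not legal in an HTTP field value (RFC 9110: VCHAR, SP, HTAB and obs-text are allowed; NUL, CR, LF, the other C0 controls and DEL are not) is copied into Location, a downstream hop that enforces the RFC drops that header, and what the browser is left with is the response body, whose link still carries the attacker-controlled URL. The response shape, the "You are being redirected" body, the proxy and the inputs are all constructed for this example; the guard at the end is the check an application can apply before calling redirect_to.

```ruby
require "erb"

# Added example; not code from the bug report, Rails, or SUSE. It models the
# failure mode described in the advisory text: an illegal character in the
# redirect target makes an RFC-enforcing hop drop the Location header.

# RFC 9110 field-value octets: VCHAR (0x21-0x7E), SP (0x20), HTAB (0x09) and
# obs-text (0x80-0xFF). NUL, CR, LF, the other C0 controls and DEL are not.
def legal_header_value?(value)
  value.each_byte.none? { |b| (b < 0x20 && b != 0x09) || b == 0x7F }
end

# Toy model of a redirect response built from a user-supplied target with no
# validation of the target (the situation the report describes). The body is
# modelled on the "You are being redirected" page older Rails versions
# returned; treat its exact shape as an assumption of this example.
def vulnerable_redirect(target)
  {
    status: 302,
    headers: { "Location" => target, "Content-Type" => "text/html" },
    body: "<html><body>You are being <a href=\"#{ERB::Util.html_escape(target)}\">redirected</a>.</body></html>",
  }
end

# Model of a downstream hop (proxy, CDN, app server) that enforces the RFC on
# response headers: any header whose value is not a legal field-value is removed.
def rfc_enforcing_proxy(response)
  kept = response[:headers].select { |_, v| legal_header_value?(v) }
  response.merge(headers: kept)
end

def location_survives?(target)
  rfc_enforcing_proxy(vulnerable_redirect(target))[:headers].key?("Location")
end

# Hardened variant: refuse the target before it reaches the header. Rejecting
# is preferable to silently stripping bytes, since altering a URL can change
# where the user ends up.
def safe_redirect(target)
  unless legal_header_value?(target)
    raise ArgumentError, "redirect target contains a character not allowed in an HTTP header value"
  end
  vulnerable_redirect(target)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs for the demonstration.
  good = "https://example.com/account"
  bad  = "javascript:alert(document.domain)\x0b"   # VT (0x0B) is a C0 control
  puts "Location kept for legitimate target: #{location_survives?(good)}"
  puts "Location kept for hostile target:    #{location_survives?(bad)}"
  downstream = rfc_enforcing_proxy(vulnerable_redirect(bad))
  puts "Body still carries the hostile href: #{downstream[:body].include?('href="javascript:')}"
  begin
    safe_redirect(bad)
  rescue ArgumentError => e
    puts "safe_redirect rejected it: #{e.message}"
  end
end
```

Note that HTML-escaping the href does not help here: a javascript: URL contains none of the characters html_escape rewrites, so the escaped body is as dangerous as the raw one once the Location header is gone. The validation has to happen on the target itself, before it is placed in a header, which is what legal_header_value? does.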
Comment 4 Petr Gajdos 2023-07-18 14:26:45 UTC
Submitted for 15/rubygem-actionpack-5_1 and 12/rubygem-actionpack-4_2.

I believe all fixed.
Comment 6 Maintenance Automation 2023-08-08 16:30:15 UTC
SUSE-SU-2023:3229-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1213312
CVE References: CVE-2023-28362
Sources used:
openSUSE Leap 15.4 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
openSUSE Leap 15.5 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP1 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP2 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP3 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP4 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP5 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Maintenance Automation 2023-08-09 12:30:05 UTC
SUSE-SU-2023:3255-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213312
CVE References: CVE-2023-28362
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): rubygem-actionpack-4_2-4.2.9-7.18.1
SUSE OpenStack Cloud Crowbar 9 (src): rubygem-actionpack-4_2-4.2.9-7.18.1
Comment 9 Andrea Mattiazzo 2024-06-07 12:15:07 UTC
All done, closing.