Bug 1213312 (CVE-2023-28362) - VUL-0: CVE-2023-28362: rubygem-actionpack-4_2,rubygem-actionpack-5_1: Possible XSS via User Supplied Values to redirect_to
Summary: VUL-0: CVE-2023-28362: rubygem-actionpack-4_2,rubygem-actionpack-5_1: Possibl...
Status: RESOLVED FIXED
Alias: CVE-2023-28362
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/372425/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-28362:6.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-14 07:48 UTC by Robert Frohl
Modified: 2024-06-07 12:15 UTC
2 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Description Robert Frohl 2023-07-14 07:48:17 UTC
CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.

ref: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28362
https://bugzilla.redhat.com/show_bug.cgi?id=2217785
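The description above states the mechanism in one sentence: a redirect target that carries characters not permitted in an HTTP header field value ends up in the Location header, and an RFC-enforcing downstream service may then drop that header, silently breaking the redirect. The following Ruby is an added example written for this page; it is not code from the bug report, from Rails or from the SUSE packages. It assumes the RFC 7230 field-value grammar (visible ASCII plus space and horizontal tab; obs-text bytes above 0x7F are rejected here as a conservative choice, since a Location value is a URI and should be ASCII anyway), and the function names, the regular expression and the sample values are all constructed for illustration. It shows a validator an application can apply before calling redirect_to, a helper that lists the offending characters for logging, and a simulation of the downstream filter that makes the Location header disappear.

```ruby
# Added example (not from the bug report, Rails or the SUSE packages).
# Assumption: RFC 7230 field-value grammar, restricted to ASCII.
#   allowed: printable ASCII 0x21-0x7E, space (0x20), horizontal tab
#   rejected: CR, LF, NUL, other control characters, raw non-ASCII bytes
HEADER_VALUE_RE = /\A[\x20\x21-\x7E\t]*\z/.freeze
HEADER_CHAR_RE  = /[\x20\x21-\x7E\t]/.freeze

# True when +value+ may legally be placed in an HTTP response header.
def valid_header_value?(value)
  value.to_s.match?(HEADER_VALUE_RE)
end

# Lists the distinct characters that make +value+ illegal as a header value,
# so a rejection can be logged with the concrete cause (empty if it is legal).
def illegal_header_chars(value)
  value.to_s.each_char.reject { |c| c.match?(HEADER_CHAR_RE) }.uniq
end

# Defensive wrapper for the redirect target: returns the caller-supplied value
# only if it is a legal header value, otherwise a fixed, known-good fallback.
# A Rails controller could pass the result to redirect_to instead of the raw input.
def safe_redirect_target(value, fallback: "/")
  valid_header_value?(value) ? value : fallback
end

# Simulates the downstream service the advisory describes: a proxy that
# enforces RFC compliance on response headers drops any header whose value
# is not a legal field-value. Returns the headers that survive.
def strict_proxy_filter(headers)
  headers.select { |_name, value| valid_header_value?(value) }
end

if __FILE__ == $PROGRAM_NAME
  good = "https://example.com/account"            # constructed sample
  bad  = "https://example.com/acc\r\nount"         # constructed: stray CRLF inside the target

  puts "legal target:   #{valid_header_value?(good)}"   # true
  puts "illegal target: #{valid_header_value?(bad)} (#{illegal_header_chars(bad).map(&:inspect).join(', ')})"

  # Before validation: the Location header is emitted and then removed downstream.
  unfiltered = { "Location" => bad, "Content-Type" => "text/html" }
  puts "headers after strict proxy (raw value):  #{strict_proxy_filter(unfiltered).keys.inspect}"

  # After validation: the fallback survives the same proxy, so the redirect still happens.
  validated = { "Location" => safe_redirect_target(bad), "Content-Type" => "text/html" }
  puts "headers after strict proxy (validated):  #{strict_proxy_filter(validated).keys.inspect}"
end
```

The point of the simulation is the failure mode: with the raw value the response reaches the client with no Location header at all, which is why the advisory frames the impact as a downstream service removing the header rather than as a server-side error. Rejecting the value up front, and logging the offending characters, turns a silent breakage into a detectable event.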
Comment 4 Petr Gajdos 2023-07-18 14:26:45 UTC
Submitted for 15/rubygem-actionpack-5_1 and 12/rubygem-actionpack-4_2.

I believe all fixed.
Comment 6 Maintenance Automation 2023-08-08 16:30:15 UTC
SUSE-SU-2023:3229-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1213312
CVE References: CVE-2023-28362
Sources used:
openSUSE Leap 15.4 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
openSUSE Leap 15.5 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP1 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP2 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP3 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP4 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1
SUSE Linux Enterprise High Availability Extension 15 SP5 (src): rubygem-actionpack-5_1-5.1.4-150000.3.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Maintenance Automation 2023-08-09 12:30:05 UTC
SUSE-SU-2023:3255-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1213312
CVE References: CVE-2023-28362
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): rubygem-actionpack-4_2-4.2.9-7.18.1
SUSE OpenStack Cloud Crowbar 9 (src): rubygem-actionpack-4_2-4.2.9-7.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Andrea Mattiazzo 2024-06-07 12:15:07 UTC
All done, closing.