
Critical Vulnerability CVE-2024-28103 in Ruby on Rails Action Pack: Immediate Patch Recommended


Executive Summary

CVE-2024-28103 is a vulnerability in Action Pack, the component of the Ruby on Rails web framework that handles HTTP requests and responses. Since Rails 6.1.0 the application-configurable Permissions-Policy header has been served only on responses with an HTML-related Content-Type, so every other response the application returns (JSON, XML, SVG, plain text) is delivered without the browser-feature restrictions the application configured. The vulnerability affects Action Pack 6.1.0 before 6.1.7.8, 7.0.0 before 7.0.8.2, and 7.1.0 before 7.1.3.3; it is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. The National Vulnerability Database (NVD) assigns a CVSS v3.1 base score of 9.8 (Critical). Organizations running affected versions should upgrade to a fixed release promptly and confirm the pinned actionpack version in Gemfile.lock.

Technical Information

CVE-2024-28103 is tracked against Action Pack, the request-handling layer of Ruby on Rails. Rails lets an application configure a Permissions-Policy header, which tells the browser which features (camera, geolocation, microphone, payment and so on) a document and the frames it embeds may use. Since 6.1.0 the middleware that emits this header did so only when the response Content-Type was HTML-related. Any other response was sent without the header, including types a browser will still render as a document when it is navigated to directly (image/svg+xml is the usual example) or load inside a frame, so the restrictions the application configured did not apply to those responses. NVD classifies the weakness as improper input validation and rates it CVSS v3.1 9.8 with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Read that score with the mechanism in mind: the flaw does not inject script or grant access by itself; it drops a browser-side mitigation on non-HTML responses, so its real-world impact depends on what else an attacker can already do against the application. The fix removes the Content-Type check so the header is set on every response the application produces. Affected versions are 6.1.0 before 6.1.7.8, 7.0.0 before 7.0.8.2, and 7.1.0 before 7.1.3.3; the issue is resolved in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
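The following is an added example, not code from Rails or from the advisory. It models the Permissions-Policy middleware as a minimal Rack-style class in two variants, the pre-fix version that gates on Content-Type and the post-fix version that does not, and runs a constructed four-route application through both to show exactly which responses lose the header. The policy string, the route table and the set of "HTML-related" media types are assumptions made for the example; Rails does the real check through Mime::Type.

```ruby
# Added example, not Rails' own code: a minimal Rack-style model of the
# Permissions-Policy middleware in its pre-fix and post-fix forms, used to
# show which responses CVE-2024-28103 leaves without the header.
# Plain Ruby, no gems required.

require "set"

# Constructed policy, standing in for what config.permissions_policy emits.
POLICY = "camera=(), geolocation=(), microphone=()".freeze

# Media types treated as HTML-related (assumption; Rails consults Mime::Type).
HTML_TYPES = Set["text/html", "application/xhtml+xml"].freeze

# Strips parameters such as "; charset=utf-8" and normalises case.
def media_type(content_type)
  content_type.to_s.split(";").first.to_s.strip.downcase
end

# Pre-fix behaviour: the header is set only on HTML-related responses.
class GatedPermissionsPolicy
  def initialize(app, policy = POLICY)
    @app = app
    @policy = policy
  end

  def call(env)
    status, headers, body = @app.call(env)
    if HTML_TYPES.include?(media_type(headers["Content-Type"]))
      headers["Permissions-Policy"] = @policy
    end
    [status, headers, body]
  end
end

# Post-fix behaviour: the header is set on every response.
class UngatedPermissionsPolicy
  def initialize(app, policy = POLICY)
    @app = app
    @policy = policy
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers["Permissions-Policy"] = @policy
    [status, headers, body]
  end
end

# Constructed application: each path answers with a different Content-Type.
ROUTES = {
  "/"          => "text/html; charset=utf-8",
  "/api/users" => "application/json; charset=utf-8",
  "/logo.svg"  => "image/svg+xml",
  "/feed.xml"  => "application/xml",
}.freeze

APP = lambda do |env|
  [200, { "Content-Type" => ROUTES.fetch(env["PATH_INFO"]) }, ["body"]]
end

# Sends every route through the given middleware and returns the paths whose
# response came back without a Permissions-Policy header.
def paths_missing_policy(middleware_class)
  stack = middleware_class.new(APP)
  ROUTES.keys.reject do |path|
    _status, headers, _body = stack.call("PATH_INFO" => path)
    headers.key?("Permissions-Policy")
  end
end

if $PROGRAM_NAME == __FILE__
  puts "vulnerable: #{paths_missing_policy(GatedPermissionsPolicy).inspect}"
  puts "fixed:      #{paths_missing_policy(UngatedPermissionsPolicy).inspect}"
end
```

Against the gated variant the JSON, SVG and XML routes all come back without the header; against the ungated variant none do. The SVG route is the one to watch in a real application: a browser opening it directly renders it as a document, which is exactly where a configured policy is expected to apply.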

Exploitation in the Wild

At the time of writing there are no reports of exploitation in the wild and no public exploit for CVE-2024-28103. Abusing the gap requires an attacker to get a victim's browser to render one of the application's non-HTML responses as a document, or to embed it in a frame, and then to use a browser feature the application's policy was meant to deny; the missing header removes a mitigation rather than granting access on its own. Organizations running affected versions should still treat the upgrade as routine patch hygiene and watch for unexpected direct requests for SVG or XML resources in access logs.

APT Groups using this vulnerability

No APT group has been publicly linked to this vulnerability. Because the weakness is a missing response header rather than an injection point, it is more plausible as a contributing factor in a chained web-application attack than as an initial access vector. Groups that target finance, healthcare and government web applications are the usual concern for such chains, and organizations in those sectors should confirm the patch has been applied.

Affected Product Versions

The affected versions are Action Pack (and therefore Ruby on Rails) 6.1.0 before 6.1.7.8, 7.0.0 before 7.0.8.2, and 7.1.0 before 7.1.3.3. Releases before 6.1.0 predate the Content-Type gating and are not affected; 6.1.7.8, 7.0.8.2, 7.1.3.3 and later releases contain the fix. Organizations on an affected version should upgrade to the fixed release for their series.

Workaround and Mitigation

The fix is to upgrade Action Pack, normally by upgrading the rails gem, to 6.1.7.8, 7.0.8.2, 7.1.3.3 or any later release in the same series, and then to confirm the pinned actionpack version in Gemfile.lock. The Rails team also published the change as a standalone commit (the GitHub Patch and Vendor Advisory links referenced in this report) for teams that must backport rather than upgrade. Two points matter when assessing exposure. First, Rails emits the header only when the application configures a policy in config/initializers/permissions_policy.rb; an application that never set one sends no Permissions-Policy header on any response before or after the fix, so the fix changes nothing for it, although it should still be upgraded. Second, a web application firewall does not help here, because nothing malicious arrives in the request; the gap is a missing response header. If the upgrade has to wait, the header can be set unconditionally at a reverse proxy in front of the application (for example with nginx's add_header directive using the always flag) or by a small Rack middleware inserted ahead of ActionDispatch::PermissionsPolicy::Middleware. Dependency scanning and regular security audits remain useful for catching this class of issue earlier.
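To make the "confirm the pinned version" step concrete, here is an added example, not from the advisory or the Rails project, that triages a Gemfile.lock against the fixed versions listed above. It uses only the Gem::Version class that ships with Ruby; the lockfile excerpt is constructed for the example, and the function names are my own.

```ruby
# Added example, not from the advisory: triage a Gemfile.lock against the
# fixed Action Pack versions for CVE-2024-28103. Uses only Ruby's bundled
# Gem::Version; the lockfile content below is constructed.

require "rubygems"

# Earliest fixed release in each affected series, as stated in the advisory.
FIXED_VERSIONS = {
  "6.1" => Gem::Version.new("6.1.7.8"),
  "7.0" => Gem::Version.new("7.0.8.2"),
  "7.1" => Gem::Version.new("7.1.3.3"),
}.freeze

# True when the given actionpack version falls inside an affected range.
# Series absent from the table are treated as unaffected: the gating first
# appeared in 6.1.0, and releases after 7.1.3.3 (7.2 onward) carry the fix.
def actionpack_affected?(version_string)
  version = Gem::Version.new(version_string)
  series = version.segments.first(2).join(".")
  fixed = FIXED_VERSIONS[series]
  return false if fixed.nil?
  version < fixed
end

# Extracts the pinned actionpack version from Gemfile.lock text. Bundler
# indents spec entries by four spaces and their dependencies by six, so the
# "actionpack (= x.y.z)" dependency lines are not matched.
def locked_actionpack_version(lockfile_text)
  match = lockfile_text.match(/^ {4}actionpack \(([^)]+)\)\s*$/)
  match && match[1]
end

# Returns a small report; :status is :affected, :fixed or :not_pinned.
def triage_lockfile(lockfile_text)
  version = locked_actionpack_version(lockfile_text)
  return { version: nil, status: :not_pinned } if version.nil?
  status = actionpack_affected?(version) ? :affected : :fixed
  { version: version, status: status }
end

# Constructed lockfile excerpt for an application still on 7.0.8.1.
SAMPLE_LOCK = <<~LOCK.freeze
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.0.8.1)
        actionview (= 7.0.8.1)
        activesupport (= 7.0.8.1)
        rack (~> 2.0, >= 2.2.4)
      rails (7.0.8.1)
        actionpack (= 7.0.8.1)
LOCK

if $PROGRAM_NAME == __FILE__
  p triage_lockfile(SAMPLE_LOCK)
  # On a real checkout: p triage_lockfile(File.read("Gemfile.lock"))
end
```

The comparison is done on the actionpack gem rather than on rails, because an application can pin the two separately and it is actionpack that carries the middleware. Gem::Version orders pre-release tags below the final release, so a 7.1.3.3.rc1 pin would correctly report as affected. Run it across every Gemfile.lock in an estate to get an inventory of what still needs the upgrade.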

References

For more detailed information on CVE-2024-28103, please refer to the following resources: National Vulnerability Database (NVD) Entry, SUSE Security Advisory, Rapid7 Vulnerability Database, and Ruby on Rails Security Announcements. These resources provide comprehensive information on the vulnerability, including technical details, mitigation strategies, and updates from the vendor.

Rescana is here for you

At Rescana, we understand the challenges organizations face in managing cybersecurity risks. Our Continuous Threat and Exposure Management (CTEM) platform is designed to help you identify, assess, and mitigate vulnerabilities like CVE-2024-28103. By providing real-time insights and actionable intelligence, we empower you to protect your critical assets and maintain a robust security posture. If you have any questions about this report or need further assistance, please do not hesitate to contact us at ops@rescana.com. We are here to support you in navigating the complex cybersecurity landscape.
