CVE-2016-0752 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-0752 Interim 1 17 2023-02-12T02:22:39Z current 2021-05-30T13:37:12Z 2023-02-12T02:22:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-0752 Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-February/001878.html E-Mail link for SUSE-SU-2016:0456-1 https://lists.suse.com/pipermail/sle-security-updates/2016-February/001879.html E-Mail link for SUSE-SU-2016:0457-1 https://lists.suse.com/pipermail/sle-security-updates/2016-February/001898.html E-Mail link for SUSE-SU-2016:0599-1 https://lists.suse.com/pipermail/sle-security-updates/2016-March/001901.html E-Mail link for SUSE-SU-2016:0618-1 https://lists.suse.com/pipermail/sle-security-updates/2016-March/001964.html E-Mail link for SUSE-SU-2016:0858-1 https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html E-Mail link for SUSE-SU-2016:1146-1 https://lists.suse.com/pipermail/sle-security-updates/2017-February/002650.html E-Mail link for SUSE-SU-2017:0475-1 https://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html E-Mail link for openSUSE-SU-2016:0363-1 https://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html E-Mail link for openSUSE-SU-2016:0372-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 2.1 SUSE Lifecycle Management Server 1.3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE OpenStack Cloud 5 SUSE OpenStack Cloud 6 SUSE Studio Onsite 1.3 SUSE Studio Onsite Runner 1.3 SUSE WebYast 1.3 libcontainment-insomnia-0.1.1-0.9.4.19 libjansson4-2.2.1-0.9.11.6 portus-2.0.3-2.4 qemu-ext2-0.1.1-0.9.4.19 ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1 ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 ruby2.1-rubygem-actionview-4_1-4.1.9-9.1 ruby2.1-rubygem-actionview-4_2-4.2.2-5.1 rubygem-actionpack-3_2-3.2.12-0.23.1 rubygem-bundler19-1.7.0-0.13.10 studio-help-1.3.20-0.6.9 susestudio-1.3.14-52.1 susestudio-bundled-packages-1.3.14-52.1 susestudio-common-1.3.14-52.1 susestudio-runner-1.3.14-52.1 susestudio-sid-1.3.14-52.1 susestudio-ui-server-1.3.14-52.1 ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 as a component of SUSE Enterprise Storage 2.1 ruby2.1-rubygem-actionview-4_2-4.2.2-5.1 as a component of SUSE Enterprise Storage 2.1 rubygem-actionpack-3_2-3.2.12-0.23.1 as a component of SUSE Lifecycle Management Server 1.3 portus-2.0.3-2.4 as a component of SUSE Linux Enterprise Module for Containers 12 rubygem-actionpack-3_2-3.2.12-0.23.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1 as a component of SUSE OpenStack Cloud 5 ruby2.1-rubygem-actionview-4_1-4.1.9-9.1 as a component of SUSE OpenStack Cloud 5 ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-actionview-4_2-4.2.2-5.1 as a component of SUSE OpenStack Cloud 6 libcontainment-insomnia-0.1.1-0.9.4.19 as a component of SUSE Studio Onsite 1.3 libjansson4-2.2.1-0.9.11.6 as a component of SUSE Studio Onsite 1.3 qemu-ext2-0.1.1-0.9.4.19 as a component of SUSE Studio Onsite 1.3 rubygem-actionpack-3_2-3.2.12-0.23.1 as a component of SUSE Studio Onsite 1.3 rubygem-bundler19-1.7.0-0.13.10 as a component of SUSE Studio Onsite 1.3 studio-help-1.3.20-0.6.9 as a component of SUSE Studio Onsite 1.3 susestudio-1.3.14-52.1 as a component of SUSE Studio Onsite 1.3 susestudio-bundled-packages-1.3.14-52.1 as a component of SUSE Studio Onsite 1.3 susestudio-common-1.3.14-52.1 as a component of SUSE Studio Onsite 1.3 susestudio-runner-1.3.14-52.1 as a component of SUSE Studio Onsite 1.3 susestudio-sid-1.3.14-52.1 as a component of SUSE Studio Onsite 1.3 susestudio-ui-server-1.3.14-52.1 as a component of SUSE Studio Onsite 1.3 libcontainment-insomnia-0.1.1-0.9.4.19 as a component of SUSE Studio Onsite Runner 1.3 libjansson4-2.2.1-0.9.11.6 as a component of SUSE Studio Onsite Runner 1.3 qemu-ext2-0.1.1-0.9.4.19 as a component of SUSE Studio Onsite Runner 1.3 rubygem-bundler19-1.7.0-0.13.10 as a component of SUSE Studio Onsite Runner 1.3 studio-help-1.3.20-0.6.9 as a component of SUSE Studio Onsite Runner 1.3 susestudio-1.3.14-52.1 as a component of SUSE Studio Onsite Runner 1.3 susestudio-bundled-packages-1.3.14-52.1 as a component of SUSE Studio Onsite Runner 1.3 susestudio-common-1.3.14-52.1 as a component of SUSE Studio Onsite Runner 1.3 susestudio-runner-1.3.14-52.1 as a component of SUSE Studio Onsite Runner 1.3 susestudio-sid-1.3.14-52.1 as a component of SUSE Studio Onsite Runner 1.3 susestudio-ui-server-1.3.14-52.1 as a component of SUSE Studio Onsite Runner 1.3 rubygem-actionpack-3_2-3.2.12-0.23.1 as a component of SUSE WebYast 1.3 Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. CVE-2016-0752 SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionview-4_2-4.2.2-5.1 SUSE Lifecycle Management Server 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1 SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4 SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-actionpack-3_2-3.2.12-0.23.1 SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1 SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionview-4_1-4.1.9-9.1 SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionview-4_2-4.2.2-5.1 SUSE Studio Onsite 1.3:libcontainment-insomnia-0.1.1-0.9.4.19 SUSE Studio Onsite 1.3:libjansson4-2.2.1-0.9.11.6 SUSE Studio Onsite 1.3:qemu-ext2-0.1.1-0.9.4.19 SUSE Studio Onsite 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1 SUSE Studio Onsite 1.3:rubygem-bundler19-1.7.0-0.13.10 SUSE Studio Onsite 1.3:studio-help-1.3.20-0.6.9 SUSE Studio Onsite 1.3:susestudio-1.3.14-52.1 SUSE Studio Onsite 1.3:susestudio-bundled-packages-1.3.14-52.1 SUSE Studio Onsite 1.3:susestudio-common-1.3.14-52.1 SUSE Studio Onsite 1.3:susestudio-runner-1.3.14-52.1 SUSE Studio Onsite 1.3:susestudio-sid-1.3.14-52.1 SUSE Studio Onsite 1.3:susestudio-ui-server-1.3.14-52.1 SUSE Studio Onsite Runner 1.3:libcontainment-insomnia-0.1.1-0.9.4.19 SUSE Studio Onsite Runner 1.3:libjansson4-2.2.1-0.9.11.6 SUSE Studio Onsite Runner 1.3:qemu-ext2-0.1.1-0.9.4.19 SUSE Studio Onsite Runner 1.3:rubygem-bundler19-1.7.0-0.13.10 SUSE Studio Onsite Runner 1.3:studio-help-1.3.20-0.6.9 SUSE Studio Onsite Runner 1.3:susestudio-1.3.14-52.1 SUSE Studio Onsite Runner 1.3:susestudio-bundled-packages-1.3.14-52.1 SUSE Studio Onsite Runner 1.3:susestudio-common-1.3.14-52.1 SUSE Studio Onsite Runner 1.3:susestudio-runner-1.3.14-52.1 SUSE Studio Onsite Runner 1.3:susestudio-sid-1.3.14-52.1 SUSE Studio Onsite Runner 1.3:susestudio-ui-server-1.3.14-52.1 SUSE WebYast 1.3:rubygem-actionpack-3_2-3.2.12-0.23.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N