ByteOS Network

NVD Vulnerability Details :

CVE-2023-38037

Awaiting Analysis

Source-support@hackerone.com

Published At-09 Jan, 2025 | 01:15

Updated At-15 Feb, 2025 | 01:15

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

Type: Secondary

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-732	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-732

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544	support@hackerone.com	N/A
https://security.netapp.com/advisory/ntap-20250214-0010/	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544

Source: support@hackerone.com

Resource: N/A

Hyperlink: https://security.netapp.com/advisory/ntap-20250214-0010/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History