A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2018-11-30T19:00:00
Updated: 2024-08-05T10:24:32.802Z
Reserved: 2018-09-04T00:00:00
Link: CVE-2018-16476
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-11-30T19:29:00.220
Modified: 2024-11-21T03:52:49.880
Link: CVE-2018-16476
Redhat