Description
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: openSUSE Tumbleweed GA ruby2.7-rubygem-web-console-4.1.0-1.5, openSUSE Tumbleweed GA ruby3.2-rubygem-web-console-4.2.0-1.9|
SUSE Timeline for this CVE
CVE page created: Mon Jun 15 23:22:50 2015
CVE page last modified: Sun Aug 27 09:14:44 2023