CVE-2023-38037

NameCVE-2023-38037
DescriptionActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5881-1
Debian Bugs1051057

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rails (PTS)bullseye (security), bullseye2:6.0.3.7+dfsg-2+deb11u2vulnerable
bookworm2:6.1.7.3+dfsg-2~deb12u1vulnerable
bookworm (security)2:6.1.7.10+dfsg-1~deb12u1fixed
sid, trixie2:7.2.2.1+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
railssourcebookworm2:6.1.7.10+dfsg-1~deb12u1DSA-5881-1
railssource(unstable)2:7.2.2.1+dfsg-11051057

Notes

[bullseye] - rails <no-dsa> (Minor issue)
https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731 (v7.0.7.1)
https://github.com/rails/rails/commit/c85cc667ebfd3c270df37c7575d580ea6462e12f (v6.1.7.5)
Search for package or bug name: Reporting problems