{}

{}

{}

{"affected_release": [{"advisory": "RHSA-2024:2010", "cpe": "cpe:/a:redhat:satellite:6.15::el8", "package": "rubygem-activesupport-0:6.1.7.6-1.el8sat", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-04-23T00:00:00Z"}, {"advisory": "RHSA-2024:2010", "cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8", "package": "rubygem-activesupport-0:6.1.7.6-1.el8sat", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2024-04-23T00:00:00Z"}, {"advisory": "RHSA-2024:0268", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/fluentd-rhel8:v1.14.6-203", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-01-17T00:00:00Z"}, {"advisory": "RHSA-2023:7720", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/fluentd-rhel9:v5.8.1-9", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2023-12-13T00:00:00Z"}], "bugzilla": {"description": "rubygem-activesupport: File Disclosure of Locally Encrypted Files", "id": "2236261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236261"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-377", "details": ["An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypted are written to a temporary file that has the user\u2019s current umask settings, possibly leading to information disclosure by other users on the same system."], "mitigation": {"lang": "en:us", "value": "To work around this issue, users can set their umask to be more restrictive: \n$ umask 0077"}, "name": "CVE-2023-38037", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "rubygem-activesupport", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "candlepin", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-rubygem-activesupport", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "rubygem-activesupport", "product_name": "Red Hat Storage 3"}], "public_date": "2023-08-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-38037\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38037\nhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml"], "threat_severity": "Low", "upstream_fix": "activesupport 7.0.7.1, activesupport 6.1.7.5"}