vulnerability

SUSE: CVE-2019-5420: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Mar 27, 2019	Nov 5, 2020	Jul 30, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Mar 27, 2019

Added

Nov 5, 2020

Modified

Jul 30, 2025

Description

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

Solutions

suse-upgrade-rmt-serversuse-upgrade-rmt-server-configsuse-upgrade-rmt-server-pubcloud

References

SUSE-SUSE-SU-2020:3036-1
SUSE-SUSE-SU-2020:3147-1
SUSE-SUSE-SU-2020:3160-1
NVD-CVE-2019-5420

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report