vulnerability

SUSE: CVE-2020-8167: SUSE Linux Security Advisory

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

May 18, 2020

Added

Nov 5, 2020

Modified

Jul 30, 2025

Description

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

suse-upgrade-ruby2-5-rubygem-actionview-5_1suse-upgrade-rmt-serversuse-upgrade-rmt-server-configsuse-upgrade-rmt-server-pubcloud

Rapid7 Labs

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.