Vulnerability Details CVE-2023-50448
In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2023-50448
- cpe:2.3:a:activeadmin:activeadmin:-
- cpe:2.3:a:activeadmin:activeadmin:0.1.0
- cpe:2.3:a:activeadmin:activeadmin:0.1.1
- cpe:2.3:a:activeadmin:activeadmin:0.2.0
- cpe:2.3:a:activeadmin:activeadmin:0.2.1
- cpe:2.3:a:activeadmin:activeadmin:0.2.2
- cpe:2.3:a:activeadmin:activeadmin:0.3.0
- cpe:2.3:a:activeadmin:activeadmin:0.3.1
- cpe:2.3:a:activeadmin:activeadmin:0.3.2
- cpe:2.3:a:activeadmin:activeadmin:0.3.3
- cpe:2.3:a:activeadmin:activeadmin:0.3.4
- cpe:2.3:a:activeadmin:activeadmin:0.4.0
- cpe:2.3:a:activeadmin:activeadmin:0.4.1
- cpe:2.3:a:activeadmin:activeadmin:0.4.2
- cpe:2.3:a:activeadmin:activeadmin:0.4.3
- cpe:2.3:a:activeadmin:activeadmin:0.4.3.1
- cpe:2.3:a:activeadmin:activeadmin:0.4.4
- cpe:2.3:a:activeadmin:activeadmin:0.5.0
- cpe:2.3:a:activeadmin:activeadmin:0.5.1
- cpe:2.3:a:activeadmin:activeadmin:0.6.0
- cpe:2.3:a:activeadmin:activeadmin:0.6.1
- cpe:2.3:a:activeadmin:activeadmin:0.6.2
- cpe:2.3:a:activeadmin:activeadmin:0.6.3
- cpe:2.3:a:activeadmin:activeadmin:0.6.4
- cpe:2.3:a:activeadmin:activeadmin:0.6.5
- cpe:2.3:a:activeadmin:activeadmin:0.6.6
- cpe:2.3:a:activeadmin:activeadmin:1.0.0
- cpe:2.3:a:activeadmin:activeadmin:1.1.0
- cpe:2.3:a:activeadmin:activeadmin:1.2.0
- cpe:2.3:a:activeadmin:activeadmin:1.2.1
- cpe:2.3:a:activeadmin:activeadmin:1.3.0
- cpe:2.3:a:activeadmin:activeadmin:1.3.1
- cpe:2.3:a:activeadmin:activeadmin:1.4.0
- cpe:2.3:a:activeadmin:activeadmin:1.4.1
- cpe:2.3:a:activeadmin:activeadmin:1.4.2
- cpe:2.3:a:activeadmin:activeadmin:1.4.3
- cpe:2.3:a:activeadmin:activeadmin:2.0.0
- cpe:2.3:a:activeadmin:activeadmin:2.0.0.rc1
- cpe:2.3:a:activeadmin:activeadmin:2.0.0.rc2
- cpe:2.3:a:activeadmin:activeadmin:2.1.0
- cpe:2.3:a:activeadmin:activeadmin:2.10.0
- cpe:2.3:a:activeadmin:activeadmin:2.10.1
- cpe:2.3:a:activeadmin:activeadmin:2.11.0
- cpe:2.3:a:activeadmin:activeadmin:2.11.1
- cpe:2.3:a:activeadmin:activeadmin:2.11.2
- cpe:2.3:a:activeadmin:activeadmin:2.2.0
- cpe:2.3:a:activeadmin:activeadmin:2.3.0
- cpe:2.3:a:activeadmin:activeadmin:2.3.1
- cpe:2.3:a:activeadmin:activeadmin:2.4.0
- cpe:2.3:a:activeadmin:activeadmin:2.5.0
- cpe:2.3:a:activeadmin:activeadmin:2.6.0
- cpe:2.3:a:activeadmin:activeadmin:2.6.1
- cpe:2.3:a:activeadmin:activeadmin:2.7.0
- cpe:2.3:a:activeadmin:activeadmin:2.8.0
- cpe:2.3:a:activeadmin:activeadmin:2.8.1
- cpe:2.3:a:activeadmin:activeadmin:2.9.0