Candidate: CVE-2019-3881
PublicDate: 2020-09-04 12:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3881
 https://salsa.debian.org/ruby-team/bundler/blob/debian/1.16.1-2/debian/patches/0006-Don-t-use-insecure-temporary-directory-as-home-direc.patch
 https://salsa.debian.org/ruby-team/bundler/blob/debian/1.16.1-2/debian/patches/0007-Remove-temporary-home-directories.patch
Description:
 Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with
 insecure permissions as a storage location for gems, if locations under the
 user's home directory are not available. If Bundler is used in a scenario
 where the user does not have a writable home directory, an attacker could
 place malicious code in this directory that would be later loaded and
 executed.
Ubuntu-Description:
 It was discovered that Bundler incorrectly created directories with insecure
 permissions in /tmp. An attacker could write malicious libraries to this
 location for later execution.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796383
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_bundler:
upstream_bundler: released (1.16.1-2)
precise/esm_bundler: DNE
trusty_bundler: ignored (out of standard support)
trusty/esm_bundler: DNE
xenial_bundler: not-affected (code not present)
bionic_bundler: needed
disco_bundler: not-affected (1.16.1-2)
eoan_bundler: not-affected (1.16.1-2)
focal_bundler: not-affected (1.16.1-2)
groovy_bundler: not-affected (1.16.1-2)
hirsute_bundler: not-affected (1.16.1-2)
impish_bundler: DNE
jammy_bundler: DNE
devel_bundler: DNE