Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2023-50448

Disclosure Date: December 28, 2023 (last updated February 25, 2025)
In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-51763

Disclosure Date: December 24, 2023 (last updated February 25, 2025)
csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0