CSRF Vulnerability in Rails_Admin Ruby Gem <v1.1.1

CVE-2016-10522 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.

Learn more about our Web Application Penetration Testing UK.