Skip to content

Commit 67be2a2

Browse files
jasnowRubySec CI
jasnow
authored and
RubySec CI
committed
Updated advisory posts against rubysec/ruby-advisory-db@0840799 
1 parent ca8a7fe commit 67be2a2

File tree

1 file changed

+60
-0
lines changed

1 file changed

+60
-0
lines changed

advisories/_posts/2025-08-29-CVE-2025-58067.md

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2025-58067 (google_sign_in): Google Sign-In for Rails allowed redirect
4+
to protocol-relative URI'
5+
comments: false
6+
categories:
7+
- google_sign_in
8+
advisory:
9+
gem: google_sign_in
10+
cve: 2025-58067
11+
ghsa: 5jch-xhw4-r43v
12+
url: https://github.com/basecamp/google_sign_in/security/advisories/GHSA-5jch-xhw4-r43v
13+
title: Google Sign-In for Rails allowed redirect to protocol-relative URI
14+
date: 2025-08-29
15+
description: |
16+
## Summary
17+
18+
It is possible to redirect a user to another origin if the
19+
"proceed_to" value in the session store is set to a
20+
protocol-relative URL.
21+
22+
## Details
23+
24+
The google_sign_in gem persists an optional URL for redirection
25+
after authentication. If this URL is set to a protocol-relative URL,
26+
it improperly passes the "same origin" check, and it's possible
27+
for the user to be redirected to another origin after authentication,
28+
possibly resulting in exposure of authentication information if
29+
this attack is chained with other attacks.
30+
31+
Normally the value of this URL is only written and read by the
32+
library or the calling application. However, it may be possible to
33+
set this session value from a malicious site with a form submission.
34+
35+
## Impact
36+
37+
Any Rails applications using the google_sign_in gem may be vulnerable,
38+
if this vector can be chained with another attack that is able to
39+
modify the OAuth2 request parameters.
40+
41+
## Workarounds
42+
43+
No known workarounds.
44+
45+
## Credits
46+
47+
This issue was responsibly reported by Hackerone user
48+
[muntrive](https://hackerone.com/muntrive?type=user).
49+
cvss_v3: 4.2
50+
patched_versions:
51+
- ">= 1.3.1"
52+
related:
53+
url:
54+
- https://nvd.nist.gov/vuln/detail/CVE-2025-58067
55+
- https://github.com/basecamp/google_sign_in/security/advisories/GHSA-5jch-xhw4-r43v
56+
- https://github.com/basecamp/google_sign_in/releases/tag/v1.3.1
57+
- https://github.com/basecamp/google_sign_in/pull/75
58+
- https://github.com/basecamp/google_sign_in/commit/e97aef4626b1bcbd2c6f01f7dd25f12ac855d4cc
59+
- https://github.com/advisories/GHSA-5jch-xhw4-r43v
60+
---

0 commit comments

Comments
 (0)