Publish Date: Mar. 29, 2019
SummaryWe've updated the Ruby on Rails version used by the Spiceworks Cloud Help Desk in order to patch a security vulnerability.
Who’s Affected?At this time, we do not believe anyone was impacted by the vulnerability patched in this update.
DetailsRuby on Rails was discovered to contain a vulnerability that could allow an attacker to obtain the development mode secret token. This could eventually allow for a remote code execution exploit.
Mitigating FactorsThe vulnerability would have to be purposefully exploited.
Security Update InformationThe Spiceworks Cloud Help Desk was updated in March 2019 to run a patched version of Ruby on Rails.
Acknowledgementsnone
References and Further ReadingClick here for more information on the Ruby on Rails vulnerability.
Revisionsv1.0: (Mar. 29, 2019): Bulletin...