CVE-2015-3224 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-3224 Interim 1 8 2025-05-18T23:13:48Z current 2021-05-30T13:29:38Z 2025-05-18T23:13:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-3224 request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5A4G5B5ZDCF4U3MWFQWU23AD4UPM7TYX/ E-Mail link for openSUSE-SU-2025:15129-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed ruby2.7-rubygem-web-console-4.1.0-1.5 ruby3.0-rubygem-web-console-4.1.0-1.5 ruby3.2-rubygem-web-console-4.2.0-1.9 ruby3.3-rubygem-web-console-4.2.1-1.5 ruby3.4-rubygem-web-console-4.2.1-1.7 ruby2.7-rubygem-web-console-4.1.0-1.5 as a component of openSUSE Tumbleweed ruby3.0-rubygem-web-console-4.1.0-1.5 as a component of openSUSE Tumbleweed ruby3.2-rubygem-web-console-4.2.0-1.9 as a component of openSUSE Tumbleweed ruby3.3-rubygem-web-console-4.2.1-1.5 as a component of openSUSE Tumbleweed ruby3.4-rubygem-web-console-4.2.1-1.7 as a component of openSUSE Tumbleweed request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. CVE-2015-3224 openSUSE Tumbleweed:ruby2.7-rubygem-web-console-4.1.0-1.5 openSUSE Tumbleweed:ruby3.0-rubygem-web-console-4.1.0-1.5 openSUSE Tumbleweed:ruby3.2-rubygem-web-console-4.2.0-1.9 openSUSE Tumbleweed:ruby3.3-rubygem-web-console-4.2.1-1.5 openSUSE Tumbleweed:ruby3.4-rubygem-web-console-4.2.1-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N