CVE-2024-43791

7.8 HIGH

📋 TL;DR

CVE-2024-43791 is a local privilege escalation vulnerability in request_store gem version 1.3.2 where world-writable file permissions (0666) allow local users to modify files and potentially execute arbitrary code. This affects Ruby applications using this specific version of the request_store gem for per-request global storage in Rack. The vulnerability primarily impacts systems where local user access exists alongside vulnerable installations.

💻 Affected Systems

Products:
  • request_store gem
Versions: Exactly version 1.3.2 (published in 2017)
Operating Systems: All operating systems running Ruby with request_store
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific 1.3.2 release from 2017; most users have likely upgraded since then. Requires local user access to the filesystem.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains arbitrary code execution with application privileges, potentially leading to full system compromise if application runs with elevated permissions.

🟠 Likely Case

Limited impact due to most environments having upgraded or lacking local user access; potential file modification if local access exists.

🟢 If Mitigated

No impact if proper access controls prevent local user access to application files or if upgraded version is used.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local system access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Internal systems with local user accounts could be vulnerable if running the affected version.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simple file permission manipulation if local access exists.

Exploitation requires local user access to modify world-writable files. No known active exploitation in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Any version other than 1.3.2 (versions before or after are not affected)

Vendor Advisory: https://github.com/steveklabnik/request_store/security/advisories/GHSA-frp2-5qfc-7r8m

Restart Required: Yes

Instructions:

1. Update Gemfile to use request_store version != 1.3.2
2. Run 'bundle update request_store'
3. Restart the Ruby application server

🔧 Temporary Workarounds

Fix file permissions manually

linux

Change permissions of request_store files from 0666 to more restrictive settings

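# -path matches every file under the gem's directory; -name would only match basenames containing "request_store"
find /path/to/gems -path "*request_store*" -type f -exec chmod 644 {} \;
find /path/to/gems -path "*request_store*" -type d -exec chmod 755 {} \;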

🧯 If You Can't Patch

  • Restrict local user access to application directories and files
  • Implement strict file integrity monitoring for request_store files

🔍 How to Verify

Check if Vulnerable:

Check Gemfile.lock or run 'bundle show request_store' to see if version 1.3.2 is installed

Check Version:

bundle show request_store | grep -o 'request_store.*'

Verify Fix Applied:

Verify request_store version is not 1.3.2 using 'bundle show request_store' or check Gemfile.lock
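
The version checks above only show what Bundler resolved. The script below is an added example (not from the advisory or the request_store project) that also checks the installed files for the world-writable bit. It assumes the usual RubyGems layout, where the gem is unpacked into a directory named request_store-1.3.2; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a host for the request_store 1.3.2 permission issue.
# Usage: sh audit.sh /path/to/Gemfile.lock /path/to/gems

# Succeeds if the lockfile resolves request_store to exactly 1.3.2.
# Resolved specs appear as "request_store (1.3.2)"; constraints such as
# "(~> 1.3)" or "(= 1.3.2)" do not match this pattern.
lock_pins_vulnerable() {
    grep -Eq '^[[:space:]]+request_store \(1\.3\.2\)[[:space:]]*$' "$1"
}

# Prints every world-writable file or directory (mode bit 0002) located in
# a request_store-1.3.2 directory below the given gem root.
world_writable_in_gem() {
    find "$1" -path '*/request_store-1.3.2*' \
        \( -type f -o -type d \) -perm -0002 -print
}

# Combined check. Returns 0 when nothing is found, 1 on any finding.
audit_request_store() {
    lockfile=$1
    gemroot=$2
    status=0
    if [ -f "$lockfile" ] && lock_pins_vulnerable "$lockfile"; then
        echo "VULNERABLE VERSION: $lockfile resolves request_store 1.3.2"
        status=1
    fi
    hits=$(world_writable_in_gem "$gemroot")
    if [ -n "$hits" ]; then
        echo "WORLD-WRITABLE PATHS:"
        echo "$hits"
        status=1
    fi
    return "$status"
}

# Run the audit only when both arguments are supplied.
if [ "$#" -eq 2 ]; then
    audit_request_store "$1" "$2"
fi
```

A non-zero exit status makes the script usable as a CI or configuration-management gate.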

📡 Detection & Monitoring

Log Indicators:

  • File permission changes to request_store files
  • Unexpected file modifications in gem directories

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="file_integrity" AND file_path="*request_store*" AND action="modified"
