Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-rwb3-dxtb-9ubn
Vulnerability ID VCID-rwb3-dxtb-9ubn
Aliases CVE-2022-23634
GHSA-rmj8-8hhh-gv5h
Summary rubygem-puma: rubygem-rails: information leak between requests
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-404 Improper Resource Shutdown or Release
System Score Found at
cvssv3 8.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json
epss 0.00479 https://api.first.org/data/v1/epss?cve=CVE-2022-23634
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.0 https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
generic_textual HIGH https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
cvssv3.1 8.0 https://github.com/advisories/GHSA-wh98-p28r-vrc9
generic_textual HIGH https://github.com/advisories/GHSA-wh98-p28r-vrc9
cvssv3.1 8.0 https://github.com/puma/puma
generic_textual HIGH https://github.com/puma/puma
cvssv3.1 8.0 https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
generic_textual HIGH https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
cvssv3 8.0 https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
cvssv3.1 8.0 https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
cvssv3.1_qr HIGH https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
generic_textual HIGH https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
cvssv3.1 8.0 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml
cvssv3.1 8.0 https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
generic_textual HIGH https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
cvssv3.1 8.0 https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html
cvssv3.1 8.0 https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
cvssv3.1 8.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5
cvssv3.1 8.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G
cvssv3.1 8.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB
cvssv3.1 8.0 https://nvd.nist.gov/vuln/detail/CVE-2022-23634
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-23634
archlinux High https://security.archlinux.org/AVG-2764
cvssv3.1 8.0 https://security.gentoo.org/glsa/202208-28
generic_textual HIGH https://security.gentoo.org/glsa/202208-28
cvssv3.1 8.0 https://www.debian.org/security/2022/dsa-5146
generic_textual HIGH https://www.debian.org/security/2022/dsa-5146
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json
https://api.first.org/data/v1/epss?cve=CVE-2022-23634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
https://github.com/advisories/GHSA-wh98-p28r-vrc9
https://github.com/puma/puma
https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml
https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html
https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
https://nvd.nist.gov/vuln/detail/CVE-2022-23634
https://security.gentoo.org/glsa/202208-28
https://www.debian.org/security/2022/dsa-5146
1005391 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391
2054211 https://bugzilla.redhat.com/show_bug.cgi?id=2054211
AVG-2764 https://security.archlinux.org/AVG-2764
RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498
USN-6682-1 https://usn.ubuntu.com/6682-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/advisories/GHSA-wh98-p28r-vrc9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/puma/puma
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-23634
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://security.gentoo.org/glsa/202208-28
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.debian.org/security/2022/dsa-5146
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.65343
EPSS Score 0.00479
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:14:09.900322+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json 38.6.0