Ruby : Access control missing

The software does not restrict or incorrectly restricts access to a resource at the functional level. The principle of minimum privileges implies that a user, a program or a process must by default have as few access privileges as possible or only those required.

Access control involves the use of several protection mechanisms such as: - Identification (determination of an actor) - Authentication (proving the identity of an actor) - Authorization (ensuring that a given actor can access a resource) - Accountability (tracking of activities that were performed)

When any mechanism is not applied or otherwise fails, attackers can compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc.