Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a.
Metrics
Affected Vendors & Products
References
History
Thu, 24 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-306 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-12T20:59:43.094Z
Updated: 2024-10-24T15:27:56.733Z
Reserved: 2023-12-29T16:10:20.366Z
Link: CVE-2024-21654
Vulnrichment
Updated: 2024-08-01T22:27:36.174Z
NVD
Status : Modified
Published: 2024-01-12T21:15:11.287
Modified: 2024-11-21T08:54:48.690
Link: CVE-2024-21654
Redhat