Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-12T20:59:43.094Z
Updated: 2024-08-01T22:27:36.174Z
Reserved: 2023-12-29T16:10:20.366Z
Link: CVE-2024-21654
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-12T21:15:11.287
Modified: 2024-01-22T19:45:11.213
Link: CVE-2024-21654
Redhat