CVE-2024-28862
ROTP 6.2.2 and 6.2.1 have 0666 permissions for the .rb files.
Vexday Risk Score
13 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 5.3 · EPSS 0.2% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
15 Mar 2024: Published in NVD
Recommendation: Monitor — no sign of exploitation for now.
The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
mdp · rotp