5.5
CVE-2024-28862
- EPSS 0.18%
- Veröffentlicht 16.03.2024 00:15:07
- Zuletzt bearbeitet 03.04.2026 13:57:33
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rotp Project ≫ Rotp SwPlatformruby Version >= 6.2.1 < 6.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.072 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security-advisories@github.com | 5.3 | 1.8 | 3.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f