5.5

CVE-2024-28862

EPSS 0.05%
Veröffentlicht 16.03.2024 00:15:07
Zuletzt bearbeitet 05.12.2025 16:58:17
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rotp Project ≫ Rotp Version6.2.1 SwPlatformruby

Rotp Project ≫ Rotp Version6.2.2 SwPlatformruby

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-28862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-28862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-28862

EUVD