CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS: 0.004 Low (Percentile: 70.2%)

RubyGems is the Ruby standard for publishing and managing third-party
libraries.

It was found that, when using RubyGems, the connection could be redirected
from HTTPS to HTTP. This could lead to a user believing they are installing
a gem via HTTPS, when the connection may have been silently downgraded to
HTTP. (CVE-2012-2125)

It was found that RubyGems did not verify SSL connections. This could lead
to man-in-the-middle attacks. (CVE-2012-2126)

All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to
this updated package, which corrects these issues.
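
A client-side illustration of the two checks whose absence these CVEs describe, added here as an example and not RubyGems' or Red Hat's code: certificate verification on the HTTPS client, and a redirect policy that refuses to leave HTTPS. The helper names, the `gems.example` hosts and the redirect tables are constructed for illustration.

```ruby
require "net/http"
require "openssl"
require "uri"

class RedirectError < StandardError; end

# Build a client that verifies the server certificate
# (the check CVE-2012-2126 reports as missing).
def verified_client(uri)
  http = Net::HTTP.new(uri.host, uri.port) # no connection is opened here
  if uri.scheme == "https"
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  end
  http
end

# Resolve a Location header against the current URI and refuse an
# HTTPS -> HTTP downgrade (the behaviour CVE-2012-2125 describes).
def next_hop(current, location)
  target = URI.join(current.to_s, location)
  unless %w[http https].include?(target.scheme)
    raise RedirectError, "unsupported scheme: #{target.scheme}"
  end
  if current.scheme == "https" && target.scheme != "https"
    raise RedirectError, "refusing HTTPS -> HTTP redirect to #{target}"
  end
  target
end

# Follow redirects with a caller-supplied fetcher: ->(uri) { [status, location] }.
# Returns the final URI, or raises RedirectError.
def resolve(start, fetcher, max_hops = 5)
  uri = URI(start)
  max_hops.times do
    status, location = fetcher.call(uri)
    return uri unless (300..399).cover?(status) && location
    uri = next_hop(uri, location)
  end
  raise RedirectError, "too many redirects"
end

# Constructed redirect tables standing in for server responses (offline).
SAFE = { "https://gems.example/a" => [302, "/b"],
         "https://gems.example/b" => [200, nil] }.freeze
DOWNGRADE = { "https://gems.example/a" => [302, "http://mirror.example/a"] }.freeze
FETCH = ->(table) { ->(uri) { table.fetch(uri.to_s) } }
```

In real use the fetcher would issue the request through `verified_client(uri)` and return the response status and `Location` header.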

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | rubygems | < 1.8.24-4.el6op | rubygems-1.8.24-4.el6op.noarch.rpm |
RedHat | 6 | src | rubygems | < 1.8.24-4.el6op | rubygems-1.8.24-4.el6op.src.rpm |