3 matches found
CVE-2024-21654
creationtimestamp| type| source ---|---|--- 2024-01-12 22:41:53+00:00| seen| https://t.me/ctinow/167576 2024-01-15 18:47:01+00:00| seen| https://t.me/ctinow/168519 2024-01-16 01:31:14+00:00| seen| https://t.me/arpsyndicate/2820 2024-02-03 02:26:53+00:00| seen| https://t.me/ctinow/178358...
CVE-2024-21654
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover...
CVE-2024-21654 rubygems.org MFA Bypass through password reset function could allow account takeover
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover...