3 matches found
CVE-2022-36073
RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that...
CVE-2022-36073
RubyGems.org (the RubyGems host) is affected by CVE-2022-36073 due to a bug in the password and email change confirmation flow that lets an attacker change an account’s email to an unowned address. This could enable the attacker to access saved API keys and, after an authenticated user resets the...
CVE-2022-36073 RubyGems allows creation of users with arbitrary unverified emails
RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that...