RubyGems vulnerabilities

2012-09-2600:00:00

ubuntu.com

6.1 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.6%

JSON

Releases

Ubuntu 12.04

Packages

rubygems - package management framework for Ruby libraries/applications

Details

John Firebaugh discovered that the RubyGems remote gem fetcher did not properly
verify SSL certificates. A remote attacker could exploit this to perform a man
in the middle attack to alter gem files being downloaded for installation.
(CVE-2012-2126)

John Firebaugh discovered that the RubyGems remote gem fetcher allowed
redirection from HTTPS to HTTP. A remote attacker could exploit this to perform
a machine-in-the-middle attack to alter gem files being downloaded for
installation. (CVE-2012-2125)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.04noarchrubygems< 1.8.15-1ubuntu0.1UNKNOWN
Ubuntu12.04noarchrubygems-doc< 1.8.15-1ubuntu0.1UNKNOWN
Ubuntu12.04noarchrubygems1.8< 1.8.15-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	12.04	noarch	rubygems	< 1.8.15-1ubuntu0.1	UNKNOWN
Ubuntu	12.04	noarch	rubygems-doc	< 1.8.15-1ubuntu0.1	UNKNOWN
Ubuntu	12.04	noarch	rubygems1.8	< 1.8.15-1ubuntu0.1	UNKNOWN