Описание
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5.2 | ruby193-rubygem-rbovirt | Will not fix | ||
| Red Hat Satellite 6 | ruby193-rubygem-rbovirt | Affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1058595rubygem-rbovirt: unsafe use of rest-client
5.1 Medium
CVSS2
Связанные уязвимости
nvd
почти 12 лет назад
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
github
больше 8 лет назад
rbovirt uses the rest-client gem with SSL verification disabled
5.1 Medium
CVSS2