Description
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1058595
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130148.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130180.html
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/509
Scores
EPSS
0.0066
EPSS Percentile
71.3%
Details
CWE
CWE-310
Status
published
Products (24)
amos_benari/rbovirt
0.0.1
amos_benari/rbovirt
0.0.2
amos_benari/rbovirt
0.0.3
amos_benari/rbovirt
0.0.4
amos_benari/rbovirt
0.0.5
amos_benari/rbovirt
0.0.6
amos_benari/rbovirt
0.0.7
amos_benari/rbovirt
0.0.8
amos_benari/rbovirt
0.0.9
amos_benari/rbovirt
0.0.10
... and 14 more
Published
Apr 17, 2014
Tracked Since
Feb 18, 2026