CVE-2024-28862

Source
https://cve.org/CVERecord?id=CVE-2024-28862
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28862.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-28862
Aliases
Published
2024-03-15T23:44:06.416Z
Modified
2026-07-15T01:48:59.213616455Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Details

The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.

Database specific
{
    "cwe_ids": [
        "CWE-276"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28862.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/mdp/rotp

Affected ranges

Type
GIT
Repo
https://github.com/mdp/rotp
Events
Database specific
{
    "cpe": "cpe:2.3:a:rotp_project:rotp:*:*:*:*:*:ruby:*:*",
    "extracted_events": [
        {
            "introduced": "= 6.2.2"
        },
        {
            "last_affected": "= 6.2.2"
        },
        {
            "introduced": "= 6.2.1"
        },
        {
            "last_affected": "= 6.2.1"
        },
        {
            "introduced": "6.2.1"
        },
        {
            "fixed": "6.3.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

= 6.*
= 6.2.1
= 6.2.2
v6.*
v6.2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28862.json"