CVE-2024-21654

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4v23-vj8h-7jp2", "name": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4v23-vj8h-7jp2", "tags": [], "refsource": ""}, {"url": "https://github.com/rubygems/rubygems.org/commit/0b3272ac17b45748ee0d1867c49867c7deb26565", "name": "https://github.com/rubygems/rubygems.org/commit/0b3272ac17b45748ee0d1867c49867c7deb26565", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-21654", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2024-01-12T21:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-01-12T21:15Z"}