CVE-2024-28862

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.

Related Vulnerabilities

CVE-2017-1000089

MEDIUM
CVSS:5.3(Medium)

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the b...

CWE-2762017

CVE-2018-12160

MEDIUM
CVSS:5.3(Medium)

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory pe...

CWE-2762018

CVE-2019-14861

MEDIUM
CVSS:5.3(Medium)

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS recor...

CWE-2762019

CVE-2019-18366

MEDIUM
CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

CWE-2762019

CVE-2019-18367

MEDIUM
CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

CWE-2762019

CVE-2019-18369

MEDIUM
CVSS:5.3(Medium)

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

CWE-2762019