CVE-2022-36073
Vulnerability from cvelistv5
Published
2022-09-07 19:45
Modified
2024-08-03 09:52
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Summary
RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that account, and when a legitimate user attempts to create an account with their email (and has to reset password to gain access) and is granted access to other gems, the attacker would then be able to publish and yank versions of those gems. Commit number 90c9e6aac2d91518b479c51d48275c57de492d4d contains a patch for this issue.
References
security-advisories@github.comhttps://github.com/rubygems/rubygems.org/commit/90c9e6aac2d91518b479c51d48275c57de492d4dPatch, Third Party Advisory
security-advisories@github.comhttps://github.com/rubygems/rubygems.org/security/advisories/GHSA-8qpf-wf2p-25vgPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/rubygems/rubygems.org/commit/90c9e6aac2d91518b479c51d48275c57de492d4dPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/rubygems/rubygems.org/security/advisories/GHSA-8qpf-wf2p-25vgPatch, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:52:00.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-8qpf-wf2p-25vg"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rubygems/rubygems.org/commit/90c9e6aac2d91518b479c51d48275c57de492d4d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rubygems.org",
          "vendor": "rubygems",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 90c9e6aac2d91518b479c51d48275c57de492d4d"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RubyGems.org is the Ruby community gem host. A bug in password \u0026 email change confirmation code allowed an attacker to change their RubyGems.org account\u0027s email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that account, and when a legitimate user attempts to create an account with their email (and has to reset password to gain access) and is granted access to other gems, the attacker would then be able to publish and yank versions of those gems. Commit number 90c9e6aac2d91518b479c51d48275c57de492d4d contains a patch for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-07T19:45:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-8qpf-wf2p-25vg"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rubygems/rubygems.org/commit/90c9e6aac2d91518b479c51d48275c57de492d4d"
        }
      ],
      "source": {
        "advisory": "GHSA-8qpf-wf2p-25vg",
        "discovery": "UNKNOWN"
      },
      "title": "RubyGems allows creation of users with arbitrary unverified emails",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-36073",
          "STATE": "PUBLIC",
          "TITLE": "RubyGems allows creation of users with arbitrary unverified emails"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rubygems.org",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 90c9e6aac2d91518b479c51d48275c57de492d4d"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "rubygems"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RubyGems.org is the Ruby community gem host. A bug in password \u0026 email change confirmation code allowed an attacker to change their RubyGems.org account\u0027s email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that account, and when a legitimate user attempts to create an account with their email (and has to reset password to gain access) and is granted access to other gems, the attacker would then be able to publish and yank versions of those gems. Commit number 90c9e6aac2d91518b479c51d48275c57de492d4d contains a patch for this issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-8qpf-wf2p-25vg",
              "refsource": "CONFIRM",
              "url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-8qpf-wf2p-25vg"
            },
            {
              "name": "https://github.com/rubygems/rubygems.org/commit/90c9e6aac2d91518b479c51d48275c57de492d4d",
              "refsource": "MISC",
              "url": "https://github.com/rubygems/rubygems.org/commit/90c9e6aac2d91518b479c51d48275c57de492d4d"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-8qpf-wf2p-25vg",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-36073",
    "datePublished": "2022-09-07T19:45:11",
    "dateReserved": "2022-07-15T00:00:00",
    "dateUpdated": "2024-08-03T09:52:00.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-36073\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-09-07T20:15:11.223\",\"lastModified\":\"2024-11-21T07:12:19.327\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"RubyGems.org is the Ruby community gem host. A bug in password \u0026 email change confirmation code allowed an attacker to change their RubyGems.org account\u0027s email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that account, and when a legitimate user attempts to create an account with their email (and has to reset password to gain access) and is granted access to other gems, the attacker would then be able to publish and yank versions of those gems. Commit number 90c9e6aac2d91518b479c51d48275c57de492d4d contains a patch for this issue.\"},{\"lang\":\"es\",\"value\":\"RubyGems.org es el host de gemas de la comunidad Ruby. Un error en el c\u00f3digo de confirmaci\u00f3n de cambio de contrase\u00f1a y correo electr\u00f3nico permit\u00eda a un atacante cambiar el correo electr\u00f3nico de su cuenta de RubyGems.org a una direcci\u00f3n de correo electr\u00f3nico no propia. Tener acceso a una cuenta cuyo correo electr\u00f3nico ha sido cambiado podr\u00eda permitir a un atacante guardar las claves de la API para esa cuenta, y cuando un usuario leg\u00edtimo intente crear una cuenta con su correo electr\u00f3nico (y tenga que restablecer la contrase\u00f1a para acceder) y le sea concedido acceso a otras gemas, el atacante podr\u00eda entonces publicar y arrancar versiones de esas gemas. El commit n\u00famero 90c9e6aac2d91518b479c51d48275c57de492d4d contiene un parche para este problema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2022-08-31\",\"matchCriteriaId\":\"336CC931-B42D-442B-AC29-7A89975F8176\"}]}]}],\"references\":[{\"url\":\"https://github.com/rubygems/rubygems.org/commit/90c9e6aac2d91518b479c51d48275c57de492d4d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rubygems/rubygems.org/security/advisories/GHSA-8qpf-wf2p-25vg\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rubygems/rubygems.org/commit/90c9e6aac2d91518b479c51d48275c57de492d4d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rubygems/rubygems.org/security/advisories/GHSA-8qpf-wf2p-25vg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.