The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| amos_benari | rbovirt | 0.0.18 |
| amos_benari | rbovirt | 0.0.1 |
| amos_benari | rbovirt | 0.0.8 |
| amos_benari | rbovirt | 0.0.13 |
| amos_benari | rbovirt | 0.0.9 |
| amos_benari | rbovirt | 0.0.7 |
| amos_benari | rbovirt | 0.0.14 |
| amos_benari | rbovirt | 0.0.12 |
| amos_benari | rbovirt | 0.0.21 |
| amos_benari | rbovirt | 0.0.11 |
| amos_benari | rbovirt | 0.0.5 |
| amos_benari | rbovirt | 0.0.22 |
| amos_benari | rbovirt | 0.0.6 |
| amos_benari | rbovirt | 0.0.17 |
| amos_benari | rbovirt | * |
| amos_benari | rbovirt | 0.0.19 |
| amos_benari | rbovirt | 0.0.4 |
| amos_benari | rbovirt | 0.0.3 |
| amos_benari | rbovirt | 0.0.15 |
| amos_benari | rbovirt | 0.0.20 |
| amos_benari | rbovirt | 0.0.16 |
| amos_benari | rbovirt | 0.0.2 |
| amos_benari | rbovirt | 0.0.10 |