CVE-2024-28862

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-28862
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28862.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-28862
Aliases
Published
2024-03-15T23:44:06.416Z
Modified
2025-11-30T18:45:43.427331Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
ROTP 6.2.2 and 6.2.1 have 0666 permissions for the .rb files.
Details

The Ruby One Time Password library (ROTP) is an open source library for generating and validating one-time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-276"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28862.json"
}
References

Affected packages

Git / github.com/mdp/rotp

Affected ranges

Type
GIT
Repo
https://github.com/mdp/rotp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "= 6.2.2"
        },
        {
            "last_affected": "= 6.2.1"
        }
    ]
}

Affected versions

v1.*

v1.3.1

v2.*

v2.1.0
v2.1.1
v2.1.2

v3.*

v3.3.0
v3.3.1

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.1.0

v5.*

v5.0.0
v5.1.0

v6.*

v6.0.0
v6.1.0
v6.2.0
v6.2.1
v6.2.2