OTP brute force possible on API endpoints that create API Keys

Moderate
segiddins published GHSA-9m38-prpc-m7w3 Sep 7, 2022

Package

bundler rubygems.org (RubyGems)

Affected versions

n/a

Patched versions

n/a

Description

Impact

Attackers could bypass rate limits on MFA-protected endpoints by making requests against api/v1/api_key/ routes.
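The class of gap described above, as an added example that is not rubygems.org code or the fix itself: a throttle that counts only requests to listed paths, plus an audit that flags OTP-accepting paths missing from that list. Only `/api/v1/api_key` comes from the advisory; the `/example/...` paths, the limit and the period are constructed assumptions.

```ruby
# Added illustration, not rubygems.org code. "/api/v1/api_key" comes from the
# advisory; the "/example/..." paths, limit and period are constructed.
MFA_PATHS = [
  "/example/mfa_login",
  "/example/profile/update",
  "/api/v1/api_key",
].freeze

# Fixed-window limiter. The counter is keyed by client IP only, so guesses
# spread across several protected paths still share one budget.
class OtpThrottle
  def initialize(prefixes, limit:, period:)
    @prefixes = prefixes
    @limit = limit
    @period = period
    @hits = Hash.new(0)
  end

  def covers?(path)
    @prefixes.any? { |prefix| path.start_with?(prefix) }
  end

  # True when the request may go on to OTP verification.
  def allow?(path, ip, now)
    return true unless covers?(path) # unlisted path: never counted
    window = now.to_i / @period
    (@hits[[ip, window]] += 1) <= @limit
  end
end

# Audit for a test suite: OTP-accepting paths the throttle does not cover.
def unthrottled_mfa_paths(throttle, mfa_paths = MFA_PATHS)
  mfa_paths.reject { |path| throttle.covers?(path) }
end

# How many of `attempts` requests from one IP, inside one window, get through.
def requests_reaching_otp_check(throttle, path, attempts)
  (1..attempts).count { throttle.allow?(path, "203.0.113.7", 1_000) }
end

def incomplete_throttle
  OtpThrottle.new(MFA_PATHS - ["/api/v1/api_key"], limit: 10, period: 300)
end

def complete_throttle
  OtpThrottle.new(MFA_PATHS, limit: 10, period: 300)
end
```

Running `unthrottled_mfa_paths` in CI against the application's real list of OTP-accepting routes turns a missing throttle entry into a failing test.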

Patches

Patched in e870835

Severity

Moderate

CVE ID

No known CVE

Weaknesses

No CWEs