CVE-2012-2125

Medium

5.8/10

Summary

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: NONE

References

Advisory Timeline

Published Oct 01, 2013

CVE-2012-2125

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS