Unknown · Rubygems.org · CVE-2024-21654
**Name of the Vulnerable Software and Affected Versions**
Rubygems.org (affected versions not specified)
**Description**
The issue is in the forgotten password form of Rubygems.org, which allows an attacker to bypass the Multi-Factor Authentication (MFA) requirement. Normally, users with MFA enabled remain protected from takeover of their Rubygems.org account even if their email account is taken over. With this vulnerability that protection does not hold, and an attacker can take over the account.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.