PT-2024-5209 · Cocoapods · Cocoapods

B4Rd4K +1 · Published 2024-07-01 · Updated 2025-04-10 · CVE-2024-38367

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CocoaPods (affected versions not specified)
Description: The issue lies in the authentication server (trunk) of the CocoaPods dependency manager: the session verification step could be manipulated so that an attacker hijacks a pod owner's session. A hijacked session amounts to a full takeover of the owner's trunk account, letting the threat actor publish or alter pod specifications, disrupt the distribution of legitimate libraries, or cause widespread disruption within the CocoaPods ecosystem. The CVSS vector reflects this: no privileges are needed, but the owner must interact (UI:R) and the attack is not straightforward (AC:H), while the impact crosses into every project that consumes the affected pods (S:C).
Recommendations: No fixed version is recorded for this entry. The affected component is the trunk authentication server rather than the CocoaPods client, so pod owners cannot remediate by upgrading the client. Practical checks on the owner side are to treat unexpected session-verification emails as suspicious, to confirm that a verification link points at the trunk service host before following it, and to review the sessions on the trunk account with `pod trunk me`, revoking everything except the current session with `pod trunk me clean-sessions --all` if any session is not recognised.
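The page does not say how the verification step was manipulated. The following is an added example, not code from CocoaPods trunk, that models the weakness class in Ruby (the language trunk is written in): a session is created for an owner's email without authentication, and the only thing protecting the session is where the emailed verification link sends the owner. The example assumes one common way such a step goes wrong, the link host being derived from a client-controllable proxy header (X-Forwarded-Host), and shows the hardened form beside it. CANONICAL_HOST, ATTACKER_HOST, OWNER_EMAIL, SessionStore and the two builder functions are constructed for the illustration.

```ruby
require 'securerandom'
require 'uri'

# Added example: a minimal model of an email-based session verification flow,
# not code from CocoaPods trunk. Assumption (not stated on the page): the
# verification link's host is built from a client-controllable proxy header.

CANONICAL_HOST = 'trunk.example.test'.freeze    # assumed canonical service host
ATTACKER_HOST  = 'attacker.example.test'.freeze # assumed attacker-controlled host
OWNER_EMAIL    = 'owner@example.test'.freeze    # constructed sample data

class SessionStore
  Session = Struct.new(:email, :token, :verified)

  def initialize
    @by_token = {}
  end

  # Creating a session needs no authentication: anyone can request one for an
  # owner's email, which is what makes the mailed link the security boundary.
  def create(email)
    token = SecureRandom.hex(16)
    @by_token[token] = Session.new(email, token, false)
    token
  end

  # Visiting the link activates the session for whoever holds the token.
  def verify(token)
    session = @by_token[token]
    return false unless session

    session.verified = true
    true
  end

  def verified?(token)
    !!@by_token[token]&.verified
  end
end

# Vulnerable builder: trusts X-Forwarded-Host (falling back to Host). If the
# fronting proxy does not overwrite that header, the requester controls it.
def verification_link_vulnerable(headers, token)
  host = headers['X-Forwarded-Host'] || headers['Host']
  "https://#{host}/sessions/verify/#{token}"
end

# Hardened builder: the host comes from configuration, never from the request.
def verification_link_hardened(_headers, token)
  "https://#{CANONICAL_HOST}/sessions/verify/#{token}"
end

# Simulates the hijack attempt: an attacker requests a session for the owner's
# email with a spoofed header and the server mails the owner a link. Returns
# the host the owner would be sent to, whether the token leaves the service,
# and whether the attacker ends up with an activated session.
def simulate_hijack(builder)
  store = SessionStore.new
  token = store.create(OWNER_EMAIL)
  spoofed_headers = { 'Host' => CANONICAL_HOST, 'X-Forwarded-Host' => ATTACKER_HOST }
  link = builder.call(spoofed_headers, token)
  host = URI.parse(link).host
  # If the owner follows a link to the attacker's host, the attacker captures
  # the token from the request path and activates the session themselves.
  token_captured = (host != CANONICAL_HOST)
  store.verify(token) if token_captured
  { link_host: host, token_leaked: token_captured, hijacked: store.verified?(token) }
end

if __FILE__ == $PROGRAM_NAME
  p simulate_hijack(method(:verification_link_vulnerable))
  p simulate_hijack(method(:verification_link_hardened))
end
```

With the vulnerable builder the owner is mailed a link to attacker.example.test and the token, and with it the session, is captured; with the hardened builder the same spoofed request still produces a link to the canonical host. The same discipline applies to any server that embeds request-derived hosts in security-sensitive emails: password resets, magic links and verification links should all be built from configuration, and the proxy in front of the service should overwrite, not pass through, forwarded-host headers.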

Related Identifiers

BDU:2024-05770
CVE-2024-38367
GHSA-52GF-M7V9-M333

Affected Products

Cocoapods