RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
http://rhn.redhat.com/errata/RHSA-2013-1203.html
http://rhn.redhat.com/errata/RHSA-2013-1441.html
http://rhn.redhat.com/errata/RHSA-2013-1852.html
http://secunia.com/advisories/55381
http://www.openwall.com/lists/oss-security/2012/04/20/24
http://www.ubuntu.com/usn/USN-1582-1/
Source: MITRE
Published: 2013-10-01
Updated: 2014-01-14
Type: NVD-CWE-Other
Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact Score: 4.9
Exploitability Score: 8.6
Severity: MEDIUM