CVE-2024-41256

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41256

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41256.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41256

Aliases

Published

2024-07-31T21:15:18Z

Modified

2024-10-08T04:20:11.296480Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.

References

https://gist.github.com/nyxfqq/a6da3fe6128b978ea1aaa5df639d5f98

Affected packages

Git / github.com/mickael-kerjean/filestash

Affected ranges

Type: GIT
Repo: https://github.com/mickael-kerjean/filestash
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0c105c1ac5197ebfcbdd7ca08cde2c7314912d7d

Affected versions

v0.*

v0.0

v0.1

v0.2

v0.2.1

v0.4