CVE-2024-41260

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-41260

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41260.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41260

Aliases

GHSA-9v35-4xcr-w9ph
GO-2024-3057

Published

2024-08-01T16:15:06.453Z

Modified

2026-03-15T14:51:17.926289Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database.

References

https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636
https://github.com/github/advisory-database/pull/5714
https://github.com/netbirdio/netbird/pull/2569

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41260.json"