Lucene search
MitreCVE-2024-41254HistoryJul 31, 2024 - 9:15 p.m.
CVE-2024-41254
2024-07-3121:15:17
CWE-347
mitre
web.nvd.nist.gov
28
litestream vulnerability ssh insecureignorehostkey
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
37.7%
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.
Affected configurations
Node
litestreamlitestreamRange≤0.3.13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| litestream | litestream | * | cpe:2.3:a:litestream:litestream:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2024-41254
2024-07-31 21:15:17
veracode
veracode
Man-in-the-middle Attack
2024-08-02 08:24:11
cvelist
cvelist
CVE-2024-41254
2024-07-31 00:00:00
vulnrichment
vulnrichment
CVE-2024-41254
2024-07-31 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
37.7%
Related for CVE-2024-41254