Lucene search
GitHub_MCVE-2024-41962HistoryAug 01, 2024 - 5:16 p.m.
CVE-2024-41962
2024-08-0117:16:09
CWE-285
GitHub_M
web.nvd.nist.gov
27
bostr
proxy
unauthorized access
vulnerability
nostr relay
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
27.6%
Bostr is an nostr relay aggregator proxy that acts like a regular nostr relay. bostr let everyone in even having authorized_keys being set when noscraper is set to true. This vulnerability is fixed in 3.0.10.
Affected configurations
Node
yonlebostrRange<3.0.10
CNA Affected
[
{
"vendor": "Yonle",
"product": "bostr",
"versions": [
{
"version": "< 3.0.10",
"status": "affected"
}
]
}
]Related
veracode
veracode
Improper Authorization
2024-08-05 03:46:59
osv
osv
Bostr Improper Authorization vulnerability
2024-08-02 01:20:13
CVE-2024-41962
2024-08-01 17:16:09
vulnrichment
vulnrichment
CVE-2024-41962 Bostr Improper Authorization
2024-08-01 16:30:57
github
github
Bostr Improper Authorization vulnerability
2024-08-02 01:20:13
nvd
nvd
CVE-2024-41962
2024-08-01 17:16:09
cvelist
cvelist
CVE-2024-41962 Bostr Improper Authorization
2024-08-01 16:30:57
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
27.6%
Related for CVE-2024-41962