Lucene search

GitHub Advisory DatabaseGHSA-WPXW-5XFM-X22V

HistoryJan 29, 2024 - 9:30 p.m.

MeshCentral algorithm-downgrade issue

2024-01-2921:30:27

GitHub Advisory Database

github.com

meshcentral

algorithm

downgrade

issue

ylianst

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

28.1%

JSON

An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.

Affected configurations

Vulners

Node

meshcentralmeshcentralRange<1.1.17

VendorProductVersionCPE
meshcentralmeshcentral*cpe:2.3:a:meshcentral:meshcentral:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
meshcentral	meshcentral	*	cpe:2.3:a:meshcentral:meshcentral::::::::

References

github.com/advisories/GHSA-wpxw-5xfm-x22v

github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md

github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51842.md

github.com/Ylianst/MeshCentral/commit/a5efc5e899b8809293b297df045cff5ec0eb448b

github.com/Ylianst/MeshCentral/tree/master

nvd.nist.gov/vuln/detail/CVE-2023-51842

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

28.1%

JSON

Related for GHSA-WPXW-5XFM-X22V