Lucene search

[email protected]NVD:CVE-2024-40761

HistorySep 25, 2024 - 8:15 a.m.

CVE-2024-40761

2024-09-2508:15:04

CWE-326

[email protected]

web.nvd.nist.gov

apache answer

encryption

vulnerability

md5

gravatar

sha256

upgrade

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

9.6%

JSON

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.3.5.

Using the MD5 value of a user’s email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead.
Users are recommended to upgrade to version 1.4.0, which fixes the issue.

References

lists.apache.org/thread/mmrhsfy16qwrw0pkv0p9kj40vy3sg08x

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2024-40761

osv2 vulnrichment1 github1 cvelist1 cve1