Lucene search
GoogleOSV:CVE-2024-41258HistoryJul 31, 2024 - 9:15 p.m.
CVE-2024-41258
2024-07-3121:15:18
Google
osv.dev
2
cve-2024-41258
filestash
ssh
insecure
host key
verification
attack
man-in-the-middle
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
6.2
Confidence
Low
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.
Related
vulnrichment
vulnrichment
CVE-2024-41258
2024-07-31 00:00:00
nvd
nvd
CVE-2024-41258
2024-07-31 21:15:18
cve
cve
CVE-2024-41258
2024-07-31 21:15:18
cvelist
cvelist
CVE-2024-41258
2024-07-31 00:00:00
veracode
veracode
Man-In-The-Middle Attack
2024-08-02 04:24:33
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
6.2
Confidence
Low
Related for OSV:CVE-2024-41258