Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GO-2024-2432
HistoryJun 28, 2024 - 3:28 p.m.

CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs

2024-06-2815:28:53
Google
osv.dev
5
cubefs
timing attack
passwords
github

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

JSON

CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/cubefs/cubefs before v3.3.1.

Related

osv 2
veracode 1
github 1
nvd 1
prion 1
cve 1
cvelist 1
osv
osv
CubeFS timing attack can leak user passwords
2024-01-03 16:13:52
CVE-2023-46739
2024-01-03 17:15:10
veracode
veracode
Timing Attack
2024-01-04 09:41:55
github
github
CubeFS timing attack can leak user passwords
2024-01-03 16:13:52
nvd
nvd
CVE-2023-46739
2024-01-03 17:15:10
prion
prion
Design/Logic Flaw
2024-01-03 17:15:00
cve
cve
CVE-2023-46739
2024-01-03 17:15:10
cvelist
cvelist
CVE-2023-46739 Timing attack can leak user passwords
2024-01-03 16:15:58

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

JSON
Related for OSV:GO-2024-2432
osv2veracode1github1nvd1prion1cve1cvelist1