15 matches found
CVE-2024-41254 vulnerabilities
Vulnerabilities for packages: litestream...
GHSA-QPGW-J75C-J585 vulnerabilities
Vulnerabilities for packages: litestream...
CVE-2024-41254 vulnerabilities
Vulnerabilities for packages: litestream...
GHSA-QPGW-J75C-J585 vulnerabilities
Vulnerabilities for packages: litestream...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: ctop, kubernetes-dashboard-metrics-scraper, mods, promxy, x509-certificate-exporter, flux-kustomize-controller, delve, wireguard-go, kubernetes, kubernetes-csi-external-resizer, trillian, kube-metrics-adapter, thanos, wuzz, whereabouts, nri-f5, bazelisk, http-echo,...
GHSA-32GQ-X56H-299C vulnerabilities
Vulnerabilities for packages: sops-fips, grafana-fips, sops, grafana, chezmoi, ksops, flux-kustomize-controller-fips, flux-kustomize-controller, age, litestream, age-fips...
Man-in-the-middle Attack
github.com/benbjohnson/litestream is vulnerable to a Man-in-the-middle Attack. The vulnerability is due to unsafe usage of ssh.InsecureIgnoreHostKey, which disables host key verification and potentially allows attackers to obtain sensitive information through a Man-in-the-middle Attack...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41254
CVE-2024-41254 affects litestream v0.3.13. The root cause is the use of ssh.InsecureIgnoreHostKey(), which disables host key verification and can enable a man‑in‑the‑middle attack to exfiltrate sensitive information. Multiple connected sources (NVD, Veracode, CNNVD, OSV, CGA, Chainguard, Wolfi, C...
PT-2024-29332 · Unknown · Litestream
Name of the Vulnerable Software and Affected Versions: litestream version 0.3.13 Description: An issue was discovered where the usage of the ssh.InsecureIgnoreHostKey function disables host key verification. This could possibly allow attackers to obtain sensitive information via a man-in-the-midd...
Litestream Security Vulnerability
Litestream is a standalone disaster recovery tool for SQLite from the individual developer Ben Johnson. A security vulnerability exists in Litestream version v0.3.13, which stems from the use of ssh.InsecureIgnoreHostKey that disables host key authentication. An attacker could obtain sensitive...