CVE-2024-41255

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...

CVE-2024-41256

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...

CVE-2024-41258

An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

EUVD-2024-38992

Malicious code in bioql PyPI...

GO-2024-3035 Filestash skips TLS certificate verification process when sending out email verification codes in github.com/mickael-kerjean/filestash

Filestash skips TLS certificate verification process when sending out email verification codes in github.com/mickael-kerjean/filestash...

GO-2024-3033 Filestash configured to skip TLS certificate verification when using the FTPS protocol in github.com/mickael-kerjean/filestash

Filestash configured to skip TLS certificate verification when using the FTPS protocol in github.com/mickael-kerjean/filestash...

Man-In-The-Middle Attack

github.com/mickael-kerjean/filestash is vulnerable to Man-In-The-Middle Attack. The vulnerability is due to the usage of ssh.InsecureIgnoreHostKey function, which disables host key verification, allowing attackers to obtain sensitive information via a man-in-the-middle attack...

TLS Certificate Verification Bypass

github.com/mickael-kerjean/filestash vulnerable to TLS certificate verification bypass. The vulnerability is due to insecure email verification code transmission, as TLS verification is being bypassed. Attackers can exploit this to intercept or tamper with email communications, potentially gainin...

Filestash skips TLS certificate verification process when sending out email verification codes

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...

GHSA-MPVX-WHPP-99XJ Filestash skips TLS certificate verification process when sending out email verification codes

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...

Filestash configured to skip TLS certificate verification when using the FTPS protocol

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...

GHSA-4JMM-C6JW-G796 Filestash configured to skip TLS certificate verification when using the FTPS protocol

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...

CVE-2024-41255

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...

CVE-2024-41258

An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

CVE-2024-41255

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...

CVE-2024-41258

An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

PT-2024-29335 · Filestash · Filestash

Name of the Vulnerable Software and Affected Versions: filestash version 0.4 Description: An issue was discovered where the usage of the ssh.InsecureIgnoreHostKey function disables host key verification. This could possibly allow attackers to obtain sensitive information via a man-in-the-middle...

CVE-2024-41258

An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

filestash 安全漏洞

filestash is a Dropbox-like file manager by the individual developer Mickael. A security vulnerability exists in filestash v0.4, which stems from a TLS certificate validation being skipped when using the FTPS protocol. An attacker can perform a man-in-the-middle attack via the Init function of...

CVE-2024-41256

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...