15 matches found
CVE-2024-41254 vulnerabilities
Vulnerabilities for packages: litestream...
GHSA-QPGW-J75C-J585 vulnerabilities
Vulnerabilities for packages: litestream...
CVE-2024-41254 vulnerabilities
Vulnerabilities for packages: litestream...
GHSA-QPGW-J75C-J585 vulnerabilities
Vulnerabilities for packages: litestream...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: sbom-convert, falcosidekick, prometheus-adapter, slsa-verifier, yq, mockery, k9s, kubernetes-csi-driver-hostpath, go-licenses, sftpgo-plugin-eventstore, docker-compose, wave, k8ssandra-operator, bazelisk, sftpgo-plugin-eventsearch, flux, flux-source-controller,...
GHSA-32GQ-X56H-299C vulnerabilities
Vulnerabilities for packages: chezmoi, grafana-fips, litestream, flux-kustomize-controller-fips, grafana, sops-fips, sops, ksops, age, age-fips, flux-kustomize-controller...
Man-in-the-middle Attack
github.com/benbjohnson/litestream is vulnerable to a Man-in-the-middle Attack. The vulnerability is due to unsafe usage of ssh.InsecureIgnoreHostKey, which disables host key verification and potentially allows attackers to obtain sensitive information through a Man-in-the-middle Attack...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41254
CVE-2024-41254 affects litestream v0.3.13. The root cause is the use of ssh.InsecureIgnoreHostKey(), which disables host key verification and can enable a man-in-the-middle attack to exfiltrate sensitive information. Multiple connected sources (NVD, Veracode, CNNVD, OSV, CGA, Chainguard, Wolfi, C...
Litestream Security Vulnerability
Litestream is a standalone disaster recovery tool for SQLite from the individual developer Ben Johnson. A security vulnerability exists in Litestream version v0.3.13, which stems from the use of ssh.InsecureIgnoreHostKey that disables host key authentication. An attacker could obtain sensitive...
PT-2024-29332 · Unknown · Litestream
Name of the Vulnerable Software and Affected Versions: litestream version 0.3.13 Description: An issue was discovered where the usage of the ssh.InsecureIgnoreHostKey function disables host key verification. This could possibly allow attackers to obtain sensitive information via a man-in-the-midd...