Lucene search

Veracode Vulnerability DatabaseVERACODE:48316

HistoryAug 02, 2024 - 4:22 a.m.

TLS Certificate Verification Bypass

2024-08-0204:22:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

tls

certificate

verification

bypass

github.com

mickael-kerjean

filestash

vulnerable

transmission

attackers

exploit

intercept

tamper

communication

unauthorized access

sensitive information

software

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

37.7%

JSON

github.com/mickael-kerjean/filestash vulnerable to TLS certificate verification bypass. The vulnerability is due to insecure email verification code transmission, as TLS verification is being bypassed. Attackers can exploit this to intercept or tamper with email communications, potentially gaining unauthorized access or compromising sensitive information.

References

gist.github.com/nyxfqq/a6da3fe6128b978ea1aaa5df639d5f98

github.com/mickael-kerjean/filestash/issues/709

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

37.7%

JSON

Related for VERACODE:48316