Veracode Vulnerability Database: VERACODE:48317
Aug 02, 2024 - 4:24 a.m.

Man-In-The-Middle Attack

2024-08-02 04:24:33
Source: Veracode Vulnerability Database (sca.analysiscenter.veracode.com)
Tags: vulnerability, ssh, host key, attack, sensitive information, filestash

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score: 6.4 (Confidence: Low)
EPSS: 0.001 (Percentile: 37.7%)

github.com/mickael-kerjean/filestash is vulnerable to a man-in-the-middle attack. The vulnerability is due to the use of the ssh.InsecureIgnoreHostKey function, which disables host key verification, allowing attackers to obtain sensitive information via a man-in-the-middle attack.
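The check that ssh.InsecureIgnoreHostKey leaves out, as an added example (not filestash's code and not part of the advisory): a standard-library-only model of a host key callback that accepts any key, beside one that pins a fingerprint per host. The names hostKeyCheck, ignoreHostKey and pinnedHostKey, the host name and the key blobs are constructed for illustration; a real golang.org/x/crypto/ssh client would set ClientConfig.HostKeyCallback to ssh.FixedHostKey or a knownhosts callback instead.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// hostKeyCheck mirrors the shape of an SSH host key callback, reduced to the
// wire-format key blob so the example needs only the standard library.
type hostKeyCheck func(hostname string, keyBlob []byte) error

// fingerprint returns the OpenSSH-style SHA256 fingerprint of a key blob.
func fingerprint(keyBlob []byte) string {
	sum := sha256.Sum256(keyBlob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// ignoreHostKey models what ssh.InsecureIgnoreHostKey does: accept any key.
func ignoreHostKey() hostKeyCheck {
	return func(string, []byte) error { return nil }
}

// pinnedHostKey accepts a host only if it presents the key pinned for it.
func pinnedHostKey(pins map[string]string) hostKeyCheck {
	return func(hostname string, keyBlob []byte) error {
		want, ok := pins[hostname]
		if !ok {
			return fmt.Errorf("no pinned host key for %q", hostname)
		}
		got := fingerprint(keyBlob)
		if subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
			return fmt.Errorf("host key mismatch for %q: got %s", hostname, got)
		}
		return nil
	}
}

func main() {
	// Constructed sample blobs, not real keys.
	genuine := []byte("constructed-genuine-host-key-blob")
	other := []byte("constructed-substituted-key-blob")
	pins := map[string]string{"sftp.example.test:22": fingerprint(genuine)}
	for name, check := range map[string]hostKeyCheck{"ignore": ignoreHostKey(), "pinned": pinnedHostKey(pins)} {
		fmt.Println(name, check("sftp.example.test:22", genuine), check("sftp.example.test:22", other))
	}
}
```

With the pinned check, a key other than the recorded one fails the handshake before any credentials are sent; with the ignoring check, both keys are accepted.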
