Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.
References
Link | Resource |
---|---|
https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g | Vendor Advisory |
https://github.com/advisories/GHSA-w3hj-wr2q-x83g | Third Party Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g | Third Party Advisory |
Configurations
History
26 Jan 2024, 15:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g - Third Party Advisory | |
References | () https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g - Vendor Advisory | |
References | () https://github.com/advisories/GHSA-w3hj-wr2q-x83g - Third Party Advisory | |
First Time |
Consensys
Consensys discovery |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-330 | |
CPE | cpe:2.3:a:consensys:discovery:*:*:*:*:*:*:*:* |
19 Jan 2024, 22:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-19 22:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-23688
Mitre link : CVE-2024-23688
CVE.ORG link : CVE-2024-23688
JSON object : View
Products Affected
consensys
- discovery