CVE-2024-41256

{"id": "CVE-2024-41256", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-07-31T21:15:18.117", "references": [{"url": "https://gist.github.com/nyxfqq/a6da3fe6128b978ea1aaa5df639d5f98", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack."}, {"lang": "es", "value": "Las configuraciones predeterminadas en la funci\u00f3n ShareProofVerifier de filestash v0.4 hacen que la aplicaci\u00f3n omita el proceso de verificaci\u00f3n del certificado TLS al enviar c\u00f3digos de verificaci\u00f3n por correo electr\u00f3nico, lo que posiblemente permita a los atacantes acceder a datos confidenciales a trav\u00e9s de un ataque de man-in-the-middle."}], "lastModified": "2024-08-15T14:27:18.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:filestash:filestash:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F46510CC-65D9-41B7-885E-42CB8CE49494", "versionEndIncluding": "0.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}