PT-2024-29279 · Puncia · Puncia

Sch227

Published

2024-07-19

Updated

2024-07-22

CVE-2024-41124

CVSS v3.1

6.3

Medium

Vector

AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Puncia versions prior to 0.21

Description The issue arises from API URLS utilizing HTTP instead of HTTPS for communication, leading to potential issues like Eavesdropping, Data Tampering, Unauthorized Data Access, and MITM Attacks.

Recommendations For versions prior to 0.21, upgrade to release version 0.21 to address the issue by using HTTPS instead of HTTP connections. At the moment, there is no information about other workarounds for this issue.

Exploit

Fix

Missing Encryption of Sensitive Data

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311CWE-319

Related Identifiers

CVE-2024-41124

GHSA-RWCJ-7JJP-4W38

Affected Products

Puncia

PT-2024-29279 · Puncia · Puncia

CVE-2024-41124

Weakness Enumeration

Related Identifiers

Affected Products

References · 10