CVE-2024-41254

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions litestream version 0.3.13

Description An issue was discovered where the usage of the ssh.InsecureIgnoreHostKey() function disables host key verification. This could possibly allow attackers to obtain sensitive information via a man-in-the-middle attack.

Recommendations For litestream version 0.3.13, consider disabling the use of ssh.InsecureIgnoreHostKey() to re-enable host key verification until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639CWE-347

Related Identifiers

CVE-2024-41254

Affected Products

Litestream

CVE-2024-41254

Weakness Enumeration

Related Identifiers

Affected Products

References · 5