CVE-2024-41260

Name of the Vulnerable Software and Affected Versions netbird version 0.28.4

Description The issue concerns a static initialization vector (IV) used in the encrypt function, allowing attackers to obtain sensitive information. This static IV is utilized in the github.com/netbirdio/netbird code.

Recommendations For netbird version 0.28.4, update to a version that addresses the static initialization vector issue in the encrypt function to prevent attackers from obtaining sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.