PT-2024-29341 · Cortex · Cortex
Yuexi Zhang · Published 2024-08-01 · Updated 2026-01-06 · CVE-2024-41265
CVSS v4.0: 8.7 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
cortex version 0.42.1
Description
A TLS certificate verification issue allows attackers to obtain sensitive information via the makeOperatorRequest function. This is due to cortex establishing TLS connections with the InsecureSkipVerify variable set to true.
Recommendations
For cortex version 0.42.1, consider disabling the makeOperatorRequest function until a patch is available, and restrict the use of InsecureSkipVerify to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Cortex
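
The effect of the InsecureSkipVerify setting named in the description, as an added Go example (not Cortex's code and not taken from the advisory): a client with verification disabled accepts a certificate that no trusted root issued, while a verifying client rejects it unless the issuing certificate is supplied in an explicit CA pool. The local test server and the helper names newClient, probe and compare are assumptions made for the demonstration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newClient (hypothetical helper) builds an HTTP client whose TLS settings are the only variable.
func newClient(skipVerify bool, roots *x509.CertPool) *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: skipVerify, // true is the setting the advisory describes
			RootCAs:            roots,      // nil means the system trust store
			MinVersion:         tls.VersionTLS12,
		},
	}}
}

// probe issues one GET and returns the error from the handshake or request, if any.
func probe(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// compare starts a local HTTPS server whose certificate is not issued by any
// system root (a constructed stand-in for an endpoint the client should not
// trust) and returns the outcome for each client configuration.
func compare() (skip, system, pinned error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	skip = probe(newClient(true, nil), srv.URL)    // verification off: any certificate is accepted
	system = probe(newClient(false, nil), srv.URL) // verification on: untrusted certificate is rejected
	pinned = probe(newClient(false, pool), srv.URL) // verification on with the expected CA: accepted
	return
}

func main() {
	skip, system, pinned := compare()
	fmt.Printf("skip-verify: %v\nsystem roots: %v\nexplicit CA pool: %v\n", skip, system, pinned)
}
```

For an internal endpoint with a private CA, the third configuration keeps verification enabled without relying on the public trust store.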