CVE-2024-41260

CVSS 7.5 HIGHEPSS 0.5%CWE-321

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636 https://github.com/github/advisory-database/pull/5714 https://github.com/netbirdio/netbird/pull/2569