Home > Vulnerability Database > CVE-2024-41256

Mend.io Vulnerability Database

CVE-2024-41256

Date: July 30, 2024

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.

Language: Go

Severity Score

5.9

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41256

Url: https://github.com/mickael-kerjean/filestash/blob/master/server/model/share.go#L132

Url: https://gist.github.com/nyxfqq/a6da3fe6128b978ea1aaa5df639d5f98

Url: https://github.com/mickael-kerjean/filestash/issues/709

Url: https://github.com/mickael-kerjean/filestash

Url: https://github.com/advisories/GHSA-mpvx-whpp-99xj

Url: https://pkg.go.dev/vuln/GO-2024-3035

Url: https://www.mend.io/vulnerability-database/CVE-2024-41256

Severity Score

5.9

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41256

Date: July 30, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?