Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.
References
Link | Resource |
---|---|
https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g | Vendor Advisory |
https://github.com/advisories/GHSA-w3hj-wr2q-x83g | Third Party Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g | Third Party Advisory |
https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g | Vendor Advisory |
https://github.com/advisories/GHSA-w3hj-wr2q-x83g | Third Party Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g - Vendor Advisory | |
References | () https://github.com/advisories/GHSA-w3hj-wr2q-x83g - Third Party Advisory | |
References | () https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g - Third Party Advisory |
26 Jan 2024, 15:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-330 | |
CPE | cpe:2.3:a:consensys:discovery:*:*:*:*:*:*:*:* | |
References | () https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g - Third Party Advisory | |
References | () https://github.com/advisories/GHSA-w3hj-wr2q-x83g - Third Party Advisory | |
References | () https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g - Vendor Advisory |
19 Jan 2024, 22:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-19 22:15
Updated : 2024-11-21 08:58
NVD link : CVE-2024-23688
Mitre link : CVE-2024-23688
CVE.ORG link : CVE-2024-23688
JSON object : View
Products Affected
consensys
- discovery