CVE-2024-41255

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go.
Configurations

No configuration.

History

01 Aug 2024, 15:35

Type Values Removed Values Added
CWE CWE-453
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

01 Aug 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) filestash v0.4 está configurado para omitir la verificación del certificado TLS cuando se usa el protocolo FTPS, lo que posiblemente permita a los atacantes ejecutar un ataque de man-in-the-middle a través de la función Init de index.go.

31 Jul 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-31 21:15

Updated : 2024-08-01 15:35


NVD link : CVE-2024-41255

Mitre link : CVE-2024-41255

CVE.ORG link : CVE-2024-41255


JSON object : View

Products Affected

No product.

CWE
CWE-453

Insecure Default Variable Initialization