CVE-2024-41962

Bostr is an nostr relay aggregator proxy that acts like a regular nostr relay. bostr let everyone in even having authorized_keys being set when noscraper is set to true. This vulnerability is fixed in 3.0.10.
Configurations

Configuration 1 (hide)

cpe:2.3:a:yonle:bostr:*:*:*:*:*:*:*:*

History

16 Aug 2024, 16:34

Type Values Removed Values Added
References () https://github.com/Yonle/bostr/blob/8665374a66e2afb9f92d0414b0d6f420a95d5d2d/auth.js#L21 - () https://github.com/Yonle/bostr/blob/8665374a66e2afb9f92d0414b0d6f420a95d5d2d/auth.js#L21 - Product
References () https://github.com/Yonle/bostr/commit/49181f4ec9ae1472c6675cab56bbc01e723855af - () https://github.com/Yonle/bostr/commit/49181f4ec9ae1472c6675cab56bbc01e723855af - Patch
References () https://github.com/Yonle/bostr/releases/tag/3.0.10 - () https://github.com/Yonle/bostr/releases/tag/3.0.10 - Release Notes
References () https://github.com/Yonle/bostr/security/advisories/GHSA-5cf7-cxrf-mq73 - () https://github.com/Yonle/bostr/security/advisories/GHSA-5cf7-cxrf-mq73 - Mitigation, Vendor Advisory
CWE NVD-CWE-Other
CPE cpe:2.3:a:yonle:bostr:*:*:*:*:*:*:*:*
First Time Yonle
Yonle bostr
CVSS v2 : unknown
v3 : 4.6
v2 : unknown
v3 : 6.3

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Bostr es un proxy agregador de retransmisión nostr que actúa como un retransmisión nostr normal. bostr permite que todos tengan incluso authorized_keys configuradas cuando noscraper está configurado en verdadero. Esta vulnerabilidad se solucionó en 3.0.10.

01 Aug 2024, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 17:16

Updated : 2024-08-16 16:34


NVD link : CVE-2024-41962

Mitre link : CVE-2024-41962

CVE.ORG link : CVE-2024-41962


JSON object : View

Products Affected

yonle

  • bostr
CWE
NVD-CWE-Other CWE-285

Improper Authorization