Published: 01 Aug. 2024
Source: github
GitHub: Reviewed
CVSS4: 8.7
CVSS3: 7.5
Description
NetBird uses a static initialization vector (IV)
A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-41260
- https://github.com/netbirdio/netbird/issues/2246
- https://github.com/github/advisory-database/pull/5714
- https://github.com/netbirdio/netbird/pull/2569
- https://github.com/netbirdio/netbird/commit/cf6210a6f42355e88c422c624376f6fcdaea6729
- https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636
- https://github.com/advisories/GHSA-9v35-4xcr-w9ph
Packages
Name: github.com/netbirdio/netbird
Ecosystem: go
Affected versions: >= 0.23.2, < 0.29.2
Fixed version: 0.29.2
Related vulnerabilities
CVSS3: 7.5
nvd
more than 1 year ago
A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database.