CVE-2024-40761

Опубликовано: 25 сент. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.3.5.

Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

Ссылки

https://lists.apache.org/thread/mmrhsfy16qwrw0pkv0p9kj40vy3sg08x
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/09/25/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/25/5
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/25/6
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/25/7
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/25/8
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/26/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/26/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/26/4
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/27/4
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/27/5
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/09/27/8
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*

Версия до 1.3.5 (включая)

EPSS

Процентиль: 69%

0.00595

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-326

Связанные уязвимости

GHSA-48cr-j2cx-mcr8