CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-41256

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.3%

CVSS Severity

CVSS v3 Score 5.9

References

https://gist.github.com/nyxfqq/a6da3fe6128b978ea1aaa5df639d5f98

Products affected by CVE-2024-41256

Filestash » Filestash » Version: 0.0

cpe:2.3:a:filestash:filestash:0.0
Filestash » Filestash » Version: 0.1

cpe:2.3:a:filestash:filestash:0.1
Filestash » Filestash » Version: 0.2

cpe:2.3:a:filestash:filestash:0.2
Filestash » Filestash » Version: 0.2.1

cpe:2.3:a:filestash:filestash:0.2.1
Filestash » Filestash » Version: 0.3

cpe:2.3:a:filestash:filestash:0.3
Filestash » Filestash » Version: 0.4

cpe:2.3:a:filestash:filestash:0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-41256

Products

Pricing

Contact Us