Description
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.
Published: 2024-07-31
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 29 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Thu, 15 Aug 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Litestream
Litestream litestream
Weaknesses CWE-347
CPEs cpe:2.3:a:litestream:litestream:*:*:*:*:*:*:*:*
Vendors & Products Litestream
Litestream litestream
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Litestream Litestream
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-10-29T20:34:19.116Z

Reserved: 2024-07-18T00:00:00.000Z

Link: CVE-2024-41254

cve-icon Vulnrichment

Updated: 2024-08-02T18:11:47.740Z

cve-icon NVD

Status : Modified

Published: 2024-07-31T21:15:17.940

Modified: 2024-10-29T21:35:11.897

Link: CVE-2024-41254

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses