CVE-2024-41254
31.07.2024, 21:15
An issue was discovered in litestream v0.3.13. The use of ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.
Vendor | Product | Version |
---|---|---|
litestream | litestream | 𝑥 ≤ 0.3.13 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-347 - Improper Verification of Cryptographic Signature: The software does not verify, or incorrectly verifies, the cryptographic signature for data.
- CWE-639 - Authorization Bypass Through User-Controlled Key: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.