Description

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.

Related CPE's

a

filestash

filestash

Vulnerable

References

https://gist.github.com/nyxfqq/a6da3fe6128b978ea1aaa5df639d5f98

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-295

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-295

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.9 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-07-31T19:15:18.117Z

1 year ago

Last modified

2025-03-18T17:15:27.097Z

1 year ago