Description


An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.

Related CPE's


Weaknesses



CWE-347

CVSS impact metrics


CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-07-31T21:15:18.200

3 months ago

Last modified

2024-08-15T14:30:16.687

2 months ago