Description

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database.

Related CPE's

Could not find any relations

References

https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636

https://github.com/github/advisory-database/pull/5714

https://github.com/netbirdio/netbird/pull/2569

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-321

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-08-01T14:15:06.453Z

1 year ago

Last modified

2025-12-15T16:15:51.320Z

3 months ago