CVE-2024-41260

{"id": "CVE-2024-41260", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-01T16:15:06.453", "references": [{"url": "https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636", "source": "[email protected]"}, {"url": "https://github.com/github/advisory-database/pull/5714", "source": "[email protected]"}, {"url": "https://github.com/netbirdio/netbird/pull/2569", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-321"}]}], "descriptions": [{"lang": "en", "value": "A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database."}, {"lang": "es", "value": "Un vector de inicializaci\u00f3n est\u00e1tico (IV) en la funci\u00f3n de cifrado de netbird v0.28.4 permite a los atacantes obtener informaci\u00f3n confidencial."}], "lastModified": "2025-12-15T17:15:51.320", "sourceIdentifier": "[email protected]"}