VDB
CVE-2024-41260
CVE-2024-41260
PUBLISHED
CVSS 7.5 HIGH
A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database.
EPSS 0.12% · 29.8th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.12%
29.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | netbirdio/netbird | 0.23.2 |
| netbirdio | netbird | 0.28.4 |
| n/a | n/a | n/a |
Timeline
- Aug 1, 2024 CVE Published
- Aug 2, 2024 EPSS Score
- Aug 23, 2024 EPSS Score
- Sep 13, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 5, 2024 EPSS Score
- Oct 26, 2024 EPSS Score
- Nov 16, 2024 EPSS Score
- Dec 8, 2024 EPSS Score
- Dec 29, 2024 EPSS Score
- Jan 19, 2025 EPSS Score
- Feb 10, 2025 EPSS Score
References
- https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636 url
- https://github.com/netbirdio/netbird/pull/2569 url
- https://github.com/github/advisory-database/pull/5714 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-41260 advisory
- https://github.com/netbirdio/netbird/issues/2246 url
- https://github.com/netbirdio/netbird/commit/cf6210a6f42355e88c422c624376f6fcdaea6729 url
- https://github.com/advisories/GHSA-9v35-4xcr-w9ph advisory
- https://github.com/netbirdio/netbird package