Skip to main content

Filestash

3 CVEs product

Monthly

CVE-2024-41258 MEDIUM This Month

An issue was discovered in filestash v0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Filestash
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-41256 Go MEDIUM This Month

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Filestash
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-41255 Go HIGH This Week

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Filestash
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in filestash v0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Filestash
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Filestash
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Filestash
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy