CVE-2024-41124

July 19, 2024, 8:15 p.m.

CVSS Score

6.3 / 10

Product(s) Impacted

Puncia

  • 0.21

Description

Puncia is the official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` uses HTTP instead of HTTPS for communication, which can lead to issues such as eavesdropping, data tampering, unauthorized data access, and MITM attacks. This issue has been addressed in release version 0.21 by using HTTPS rather than HTTP connections. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Weaknesses

CWE-311
Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE ID: 311

Date

Published: July 19, 2024, 8:15 p.m.

Last Modified: July 19, 2024, 8:15 p.m.

Status: Received

CVE has been recently published to the CVE List and has been received by the NVD.

Source

security-advisories@github.com

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.3

Exploitability Score

0.4

Impact Score

5.9

Base Severity

MEDIUM

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H