CVE-2024-41124

CVSS V2 None CVSS V3 None

Description

Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability.

Overview

CVE ID
CVE-2024-41124

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-07-19T19:45:47.443Z

Last Modified Date
2024-07-19T19:45:47.443Z

Weakness Enumerations

CWE	URL
CWE-319	http://cwe.mitre.org/data/definitions/319.html
CWE-311	http://cwe.mitre.org/data/definitions/311.html

References

Reference URL	Reference Tags
https://github.com/ARPSyndicate/puncia/security/advisories/GHSA-rwcj-7jjp-4w38	x_refsource_CONFIRM
https://github.com/ARPSyndicate/puncia/issues/8	x_refsource_MISC
https://github.com/ARPSyndicate/puncia/commit/033f3b68126eabbb2040ce16e2c3a2ce17437fbd#diff-3ec6c2de51e702726b23c452e3f4a899f6f4253af9fbf5be7254a5c1407ab526	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-41124
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41124

History

Created	Old Value	New Value	Data Type	Notes
2024-07-20 13:03:27				Added to TrackCVE