Base Score

CRITICAL9.1

CVE-2024-41270

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.

VectorNETWORK

Published Bycve@mitre.org

Published DateAug 06, 2024, 21:16

Affected Versions(1)

github.com/appleboy/gorush(Go)

Introduced0

Fixed1.18.5

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/appleboy/gorush(Go)	0	1.18.5	N/A

Weakness Type (CWE):CWE-327

CVSS Metrics

Base Score

9.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

https://gist.github.com/nyxfqq/cfae38fada582a0f576d154be1aeb1fc

Base Score

CRITICAL9.1

Weakness Type (CWE):CWE-327

CVSS Metrics

Base Score

9.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE