Lucene search

GitHub Advisory DatabaseGHSA-7XM8-WJQ7-88R5

HistoryJan 29, 2024 - 9:30 p.m.

DeviceFarmer stf uses DES-ECB

2024-01-2921:30:27

CWE-327

GitHub Advisory Database

github.com

devicefarmer

stf

v3.6.6

deprecated

cryptography

broken algorithm

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

29.5%

JSON

DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.

Affected configurations

Vulners

Node

devicefarmerstfRange≤3.6.6

VendorProductVersionCPE
devicefarmerstf*cpe:2.3:a:devicefarmer:stf:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
devicefarmer	stf	*	cpe:2.3:a:devicefarmer:stf::::::::

References

github.com/advisories/GHSA-7xm8-wjq7-88r5

github.com/DeviceFarmer/stf

github.com/DeviceFarmer/stf/blob/a6b5f18941d0de5929f9c24c3ce3e9c13317a653/lib/util/vncauth.js#L35

github.com/DeviceFarmer/stf/issues/736

github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51839.md

nvd.nist.gov/vuln/detail/CVE-2023-51839

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

29.5%

JSON

Related for GHSA-7XM8-WJQ7-88R5