Lucene search
GitHub Advisory DatabaseGHSA-QV6X-53JJ-VW59HistoryMay 21, 2024 - 9:30 p.m.
NASA AIT-Core uses unencrypted channels to exchange data over the network
2024-05-2121:30:27
CWE-311
GitHub Advisory Database
github.com
4
nasa
ait-core
v2.5.2
unencrypted
data
exchange
network
attackers
man-in-the-middle
software
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 High
AI Score
Confidence
High
0 Low
EPSS
Percentile
0.0%
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack.
Affected configurations
Node
aitcoreRange≤2.5.2
Related
osv
osv
NASA AIT-Core uses unencrypted channels to exchange data over the network
2024-05-21 21:30:27
veracode
veracode
Cleartext Transmission Of Sensitive Information
2024-05-24 08:46:47
vulnrichment
vulnrichment
CVE-2024-35061
1976-01-01 00:00:00
cvelist
cvelist
CVE-2024-35061
1976-01-01 00:00:00
cve
cve
CVE-2024-35061
2024-05-21 19:15:10
nvd
nvd
CVE-2024-35061
2024-05-21 19:15:10
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 High
AI Score
Confidence
High
0 Low
EPSS
Percentile
0.0%
Related for GHSA-QV6X-53JJ-VW59