Vulnerability DatabaseCVE-2024-41124
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-41124
July 19, 2024
Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability.
Affected Packages
puncia (PYTHON):
Affected version(s) >=0.1 <0.21
Fix Suggestion:
Update to version 0.21
Related ResourcesĀ (6)
https://github.com/ARPSyndicate/puncia/security/advisories/GHSA-rwcj-7jjp-4w38
https://github.com/ARPSyndicate/puncia/commit/033f3b68126eabbb2040ce16e2c3a2ce17437fbd
https://nvd.nist.gov/vuln/detail/CVE-2024-41124
https://github.com/ARPSyndicate/puncia/commit/033f3b68126eabbb2040ce16e2c3a2ce17437fbd#diff-3ec6c2de51e702726b23c452e3f4a899f6f4253af9fbf5be7254a5c1407ab526
https://github.com/ARPSyndicate/puncia
https://github.com/ARPSyndicate/puncia/issues/8
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.4
Attack Vector
ADJACENT
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Cleartext Transmission of Sensitive Information
CWE-319
Missing Encryption of Sensitive Data
CWE-311
EPSS
Base Score:
0.03