Zurück zur CVE-Übersicht
CVE-2024-23688
MEDIUM(5.3)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Risk Signal Score13/100 — NIEDRIG
- CVSS 5.3 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
5.3
Technische Schwere
Beschreibung
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.
Referenzen
- https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g
- https://github.com/advisories/GHSA-w3hj-wr2q-x83g
- https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g
- https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g
- https://github.com/advisories/GHSA-w3hj-wr2q-x83g
- https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g