Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.
History

Fri, 22 Nov 2024 12:00:00 +0000


Wed, 25 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache answer
CPEs cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache answer
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Sep 2024 07:45:00 +0000

Type Values Removed Values Added
Description Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.
Title Apache Answer: Avatar URL leaked user email addresses
Weaknesses CWE-326
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-09-25T07:31:08.416Z

Updated: 2024-09-27T19:02:34.376Z

Reserved: 2024-07-10T07:49:21.665Z

Link: CVE-2024-40761

cve-icon Vulnrichment

Updated: 2024-09-27T19:02:34.376Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-25T08:15:04.437

Modified: 2024-11-21T09:31:34.510

Link: CVE-2024-40761

cve-icon Redhat

No data.