What is CVE-2024-39899?

CVE-2024-39899 is a medium-severity vulnerability in Privatebin, classified under Authentication Bypass by Primary Weakness. CVSS score: 5.3/10. Published 2024-07-09.

How severe is CVE-2024-39899?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-39899 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Privatebin

CVE-2024-39899

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance with…

EPSS: 0.001 (28.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Privatebin — versions >= 1.5.0, < 1.7.4

Weakness classification (CWE)

Public proof-of-concept exploits

nbxiglk0/nbxiglk0

References

https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j (x_refsource_CONFIRM)
https://github.com/PrivateBin/PrivateBin/pull/1370 (x_refsource_MISC)
https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-39899?: CVE-2024-39899 is a medium-severity vulnerability in Privatebin, classified under Authentication Bypass by Primary Weakness. CVSS score: 5.3/10. Published 2024-07-09.
How severe is CVE-2024-39899?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-39899 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.