Vulnerability in Drakkan Sftpgo
CVE-2024-52801
SFTPGo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute-force session cookies and thereby g…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.001 (28.3rd percentile)
Affected products
- Drakkan Sftpgo — versions >= 2.3.0, < 2.6.4
Weakness classification (CWE)
References
- https://github.com/drakkan/sftpgo/security/advisories/GHSA-6943-qr24-82vx (x_refsource_CONFIRM)
- https://github.com/drakkan/sftpgo/commit/f30a9a2095bf90c0661b04fe038e3b7efc788bc6 (x_refsource_MISC)
- https://github.com/rs/xid (x_refsource_MISC)