CVE-2024-41255

7.5 HIGH

📋 TL;DR

This vulnerability in filestash v0.4 disables TLS certificate verification for FTPS connections, so the client accepts whatever certificate the remote end presents; a man-in-the-middle attacker can therefore intercept and potentially modify data transfers. It affects all users of filestash v0.4 who use FTPS functionality. The vulnerability exists in the Init function of index.go.

💻 Affected Systems

Products:
  • filestash
Versions: v0.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects FTPS protocol usage; other protocols may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could intercept sensitive file transfers, inject malicious content, steal credentials, or redirect data to malicious servers, potentially leading to data breaches or system compromise.

🟠 Likely Case

Attackers on the same network path could intercept FTPS sessions, since the client cannot tell an attacker's certificate from the real server's, and then view or modify transferred files and potentially capture authentication credentials.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to potential data exposure of intercepted FTPS sessions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to intercept FTPS traffic; public proof-of-concept exists in the reference link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check for an updated version beyond v0.4.
2. If available, upgrade to the patched version.
3. Restart the filestash service.
4. Verify that TLS verification is enabled for FTPS.

🔧 Temporary Workarounds

Disable FTPS usage

Platform: all

Configure filestash to use alternative secure protocols (SFTP, HTTPS) instead of FTPS.

Modify the filestash configuration to remove or disable FTPS protocol support.

Network isolation

Platform: linux

Restrict FTPS traffic to trusted networks using firewall rules. The rules below cover implicit FTPS on port 990 only; explicit FTPS (AUTH TLS on port 21) and passive-mode data ports need matching rules, and the chain and direction must match where filestash sits relative to the FTPS server.

iptables -A INPUT -p tcp --dport 990 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 990 -j DROP

🧯 If You Can't Patch

  • Implement network monitoring for suspicious FTPS traffic patterns
  • Use VPN or encrypted tunnels for all FTPS connections

🔍 How to Verify

Check if Vulnerable:

Check whether the deployment runs filestash v0.4 and whether any FTPS connections are in use; on that version the FTPS client runs with TLS verification disabled (see the Init function of index.go).

Check Version:

Check filestash version in web interface or configuration files

Verify Fix Applied:

Test FTPS connections with invalid certificates; connection should fail if TLS verification is properly enabled.
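As an added example, not part of this advisory or of filestash's own code, the following Go program performs that check in-process: it puts a tls.Config with verification disabled (the defect class the TL;DR describes) next to a verifying one and probes both against a loopback server presenting a self-signed certificate. Go is assumed from the index.go file name; the host name ftps.example.test, the server and its certificate are constructed for the test.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

const host = "ftps.example.test" // constructed name for the in-process test server

// WeakConfig reproduces the advisory's defect class: verification off, any certificate accepted.
func WeakConfig() *tls.Config { return &tls.Config{InsecureSkipVerify: true} }

// HardenedConfig validates the chain against roots (nil = system roots) and the name against host.
func HardenedConfig(roots *x509.CertPool) *tls.Config {
	return &tls.Config{RootCAs: roots, ServerName: host, MinVersion: tls.VersionTLS12}
}

// SelfSignedServer starts a loopback TLS listener with a fresh self-signed cert (an untrusted endpoint).
func SelfSignedServer() (net.Listener, *x509.Certificate) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, _ := x509.ParseCertificate(der)
	ln, lerr := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}}})
	if err != nil || lerr != nil {
		panic("test server setup failed")
	}
	go func() { // complete handshakes until the listener is closed
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(c net.Conn) { c.(*tls.Conn).Handshake(); c.Close() }(c)
		}
	}()
	return ln, cert
}

// Connects reports whether a TLS handshake to addr completes under cfg.
func Connects(addr string, cfg *tls.Config) bool {
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 3 * time.Second}, "tcp", addr, cfg)
	if err == nil {
		conn.Close()
	}
	return err == nil
}
```

A client configuration that still connects to the self-signed server is the vulnerable state; the hardened configuration must refuse it and connect only once the certificate is explicitly trusted.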

📡 Detection & Monitoring

Log Indicators:

  • FTPS connection errors
  • Certificate validation warnings
  • Unusual FTPS traffic patterns

Network Indicators:

  • Unencrypted FTPS traffic
  • FTPS connections to unexpected destinations

SIEM Query:

source="filestash" AND (protocol="FTPS" OR port=990) AND (event="connection" OR event="certificate_error")
