CVE-2024-41258

5.3 MEDIUM

📋 TL;DR

This vulnerability in filestash v0.4 disables SSH host key verification, allowing man-in-the-middle attackers to intercept and potentially steal sensitive data transmitted via SSH connections. Anyone using the vulnerable version of filestash with SSH functionality is affected.

💻 Affected Systems

Products:
  • filestash
Versions: v0.4
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using SSH functionality. The vulnerability exists in the code's use of ssh.InsecureIgnoreHostKey().

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers intercept SSH connections, steal credentials, access sensitive files, and potentially compromise the entire filestash server and connected systems.

🟠 Likely Case

Attackers intercept SSH traffic to steal authentication credentials and sensitive file contents during transfers.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to potential credential exposure without lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a man-in-the-middle position between filestash and the SSH server. A public proof-of-concept exists in the GitHub gist reference.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Disable SSH functionality (platforms: all)

  • Remove or disable SSH connections in the filestash configuration
  • Edit the configuration to remove SSH backend options

Use alternative secure protocols (platforms: all)

  • Replace SSH connections with HTTPS or other secure protocols
  • Configure filestash to use HTTPS/SFTP with proper certificate validation

🧯 If You Can't Patch

  • Segment network to prevent man-in-the-middle attacks between filestash and SSH servers
  • Implement certificate pinning or strict host key verification through custom code modifications

🔍 How to Verify

Check if Vulnerable:

Check if using filestash v0.4 with SSH functionality enabled. Review source code for ssh.InsecureIgnoreHostKey() usage.

Check Version:

Check the filestash version in the web interface or configuration files.

Verify Fix Applied:

Verify SSH connections fail when host key changes, or that SSH functionality is disabled.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected SSH connection failures
  • Multiple SSH connection attempts from same source

Network Indicators:

  • Unusual SSH traffic patterns
  • SSH connections to unexpected destinations

SIEM Query:

source="filestash" AND (event="ssh_connection" OR event="authentication_failure")
