CVE-2024-39891
Twilio Authy Information Disclosure Vulnerability
CVSS
—
No CVSS
EPSS
1.5%
p71
KEV
YES
Jul 23, 2024
Exploit Today
71
0-100
Published: — · Last modified: —
Product
Twilio / Authy
Vulnerability
Twilio Authy Information Disclosure Vulnerability
Added to KEV
Jul 23, 2024
Remediate by
Aug 13, 2024
Known ransomware use
No
Summary description
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS; https://nvd.nist.gov/vuln/detail/CVE-2024-39891
No related CVEs by CWE or product.