CVE-2024-39891
Twilio Authy Information Disclosure Vulnerability
CVSS
—
Sin CVSS
EPSS
1.5%
p71
KEV
SÍ
23 jul 2024
Exploit Today
71
0-100
Publicado: — · Última mod.: —
Producto
Twilio / Authy
Vulnerabilidad
Twilio Authy Information Disclosure Vulnerability
Añadido a KEV
23 jul 2024
Remediar antes de
13 ago 2024
Uso conocido en ransomware
No
Descripción resumida
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS; https://nvd.nist.gov/vuln/detail/CVE-2024-39891
Sin CVEs relacionados por CWE o producto.