CVE-2024-41962 MEDIUM

CVE-2024-41962: Bostr Improper Authorization

Vendor Yonle

Product bostr

Weakness CWE-285

Published August 1, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Bostr is an nostr relay aggregator proxy that acts like a regular nostr relay. bostr let everyone in even having authorized_keys being set when noscraper is set to true. This vulnerability is fixed in 3.0.10.

Key dates

02Disclosure timeline

August 1, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-41962

Related vulnerabilities

04Related CVE

CVE-2025-62401 Moodle: possible to bypass timer in timed assignments CVE-2025-3536 Tutorials-Website Employee Management System delete-user.php improper authorization CVE-2021-22862 Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks CVE-2022-47553 Improper Authorization in Ormazabal products CVE-2025-26683 Azure Playwright Elevation of Privilege Vulnerability