{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2024-41260","title":"Title"},{"category":"description","text":"A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2024-41260","url":"https://www.suse.com/security/cve/CVE-2024-41260"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"}],"title":"SUSE CVE CVE-2024-41260","tracking":{"current_release_date":"2026-01-06T00:29:45Z","generator":{"date":"2026-01-06T00:29:45Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2024-41260","initial_release_date":"2026-01-06T00:29:45Z","revision_history":[{"date":"2026-01-06T00:29:45Z","number":"2","summary":"references added,severity changed from  to important"}],"status":"interim","version":"2"}}}