From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: AUTH environment variable not respected in server entry point. - Vulnerability Type: High. - Impact: In affected versions (< v1.10.0), the AUTH environment variable is not properly handled, allowing unauthorized users to connect even when credentials are set. 2. Affected Versions: - Affected Version Range: < v1.10.0. - Fixed Version: v1.10.0. 3. Vulnerability Details: - Documentation: Chisel server documentation mentions that the AUTH environment variable can be set to provide credentials. - Code Implementation: In the file, the AUTH environment variable is not correctly read. - Issue Description: At the server entry point, the AUTH environment variable is not properly processed, allowing unauthorized users to connect. 4. PoC: - Demonstration Steps: Running with credentials set first, then using the parameter, demonstrates the different server behaviors. 5. Impact: - Affected Users: Any users running Chisel server and using the AUTH environment variable to specify credentials. - Affected Scenarios: Chisel is often used to provide entry points to private networks and to expose services to the internet. Attackers can connect to the Chisel server and forward traffic from remote ports, enabling MITM attacks. 6. Vulnerability ID: - CVE ID: CVE-2024-43798. 7. Vulnerability Classification: - CVSS Score: 8.6/10. - Classification: CWE-306 and CWE-1068. 8. Contributors: - Reporter: ileyton. - Discoverer: korewaChino. - Fixer: jpillora. This information provides a detailed description of the vulnerability, its scope of impact, and remediation, helping to understand the severity and how to address it.