CVE-2024-39891

Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy. Vendor/Product: Twilio Authy. Added to CISA KEV 2024-07-23; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.