exploitDog

GHSA-92jv-wxcr-6fgw

Published: May 24, 2022
Source: github
GitHub: Not reviewed

Description

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations.

EPSS

Percentile: 53%
0.00298
Low

Related vulnerabilities

CVSS3: 5.3
nvd
more than 5 years ago

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations.
