exploitDog

GHSA-q62q-p9mg-92r4

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable.

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable.

Ссылки

EPSS

Процентиль: 37%

0.00155

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-307

Связанные уязвимости

CVE-2021-29023

CVSS3: 5.3

nvd

больше 4 лет назад

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable.

EPSS

Процентиль: 37%

0.00155

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-307