CVE-2019-13240

Опубликовано: 10 июл. 2019

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.

Ссылки

https://github.com/glpi-project/glpi/commit/5da9f99b2d81713b1e36016b47ce656a33648bc7
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/commit/86a43ae47b3dd844947f40a2ffcf1a36e53dbba6
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/compare/1783b78...8e621f6
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/releases/tag/9.4.1
Third Party Advisory
https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_unsafe_reset.pdf
Exploit
Third Party Advisory
https://github.com/glpi-project/glpi/commit/5da9f99b2d81713b1e36016b47ce656a33648bc7
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/commit/86a43ae47b3dd844947f40a2ffcf1a36e53dbba6
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/compare/1783b78...8e621f6
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/releases/tag/9.4.1
Third Party Advisory
https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_unsafe_reset.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Версия до 9.4.1 (исключая)

EPSS

Процентиль: 67%

0.00544

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-640

Связанные уязвимости

CVE-2019-13240

CVSS3: 5.9

ubuntu

больше 6 лет назад

CVE-2019-13240

CVSS3: 5.9

debian

больше 6 лет назад

An issue was discovered in GLPI before 9.4.1. After a successful passw ...

GHSA-59hh-4792-xv6g

CVSS3: 5.9

github

больше 3 лет назад

EPSS

Процентиль: 67%

0.00544

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-640