exploitDog

CVE-2019-19857

Published: 15 Jan 2020
Source: nvd
CVSS3: 6.5
CVSS2: 5
EPSS: Low

Description

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.

References

Vulnerable configurations

Configuration 1
cpe:2.3:a:serpico_project:serpico:1.3.0:*:*:*:*:*:*:*

EPSS

Percentile: 43%
0.00209
Low

6.5 Medium

CVSS3

5 Medium

CVSS2

Weaknesses

CWE-287

Related vulnerabilities

github
more than 3 years ago

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.