Описание
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.
Уязвимые конфигурации
Конфигурация 1Версия от 3.5.2 (включая) до 4.5.4 (включая)
cpe:2.3:a:mfscripts:yetishare:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00213
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-319
Связанные уязвимости
github
больше 3 лет назад
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.
EPSS
Процентиль: 44%
0.00213
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-319