Description
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.
References
- Third Party Advisory, VDB Entry
- Product, Vendor Advisory
- Third Party Advisory, VDB Entry
- Product, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.19.23.5311
cpe:2.3:a:anuko:time_tracker:*:*:*:*:*:*:*:*
EPSS
Percentile: 93%
0.10185
Medium
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-613
Related vulnerabilities
github
more than 3 years ago
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.