Описание
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.
Ссылки
- MitigationPatchVendor Advisory
- MitigationPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.3.0 (включая) до 3.5.1 (исключая)
cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00451
Низкий
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.
EPSS
Процентиль: 63%
0.00451
Низкий
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-noinfo