Lucene search

[email protected]CVE-2020-28874

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-28874

2021-01-2618:15:00

CWE-404

CWE-287

[email protected]

web.nvd.nist.gov

projectsend

reset-password.php

cve-2020-28874

security vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.8%

JSON

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).

CPENameOperatorVersion
projectsend:projectsendprojectsendltr1295

CPE	Name	Operator	Version
projectsend:projectsend	projectsend	lt	r1295

References

projectsend.com

github.com/projectsend/projectsend/commit/440204734e9a1687cb9887e1c887173d23c5a93e

github.com/projectsend/projectsend/commits/master

github.com/projectsend/projectsend/releases/tag/r1295

github.com/varandinawer/CVE-2020-28874

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2020-28874

prion1 osv1 cvelist1 githubexploit1