Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveVulDBCVE-2024-7659
HistoryAug 12, 2024 - 1:38 p.m.

CVE-2024-7659

2024-08-1213:38:49
CWE-330
VulDB
web.nvd.nist.gov
29
vulnerability
projectsend
r1605
remote attack
password reset token
generate_random_string
functions.php
insufficiently random values
upgrade
r1720

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

41.1%

JSON

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version r1720 is able to address this issue. The name of the patch is aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. It is recommended to upgrade the affected component.

Affected configurations

Nvd
Node
projectsendprojectsendRange<r1720

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "projectsend",
    "versions": [
      {
        "version": "r1605",
        "status": "affected"
      }
    ],
    "modules": [
      "Password Reset Token Handler"
    ]
  }
]

Related

osv 1
cvelist 1
vulnrichment 1
nvd 1
osv
osv
CVE-2024-7659
2024-08-12 13:38:49
cvelist
cvelist
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
2024-08-11 02:31:04
vulnrichment
vulnrichment
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
2024-08-11 02:31:04
nvd
nvd
CVE-2024-7659
2024-08-12 13:38:49

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

41.1%

JSON
Related for CVE-2024-7659
osv1cvelist1vulnrichment1nvd1