Lucene search

CVE-2024-37897 Insufficient access control for password reset in sftpgo

🗓️ 20 Jun 2024 17:52:32Reported by GitHub_MType

CVE-2024-37897 SFTPGo insufficient password reset access contro

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Vulnrichment	CVE-2024-37897 Insufficient access control for password reset in sftpgo	20 Jun 202417:32	–	vulnrichment
Veracode	Incorrect Authorization	21 Jun 202407:02	–	veracode
NVD	CVE-2024-37897	20 Jun 202418:15	–	nvd
OSV	GHSA-HW5F-6WVV-XCRH SFTPGo has insufficient access control for password reset	20 Jun 202416:11	–	osv
OSV	GO-2024-2940 SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo	28 Jun 202415:28	–	osv
OSV	CVE-2024-37897	20 Jun 202418:15	–	osv
CVE	CVE-2024-37897	20 Jun 202418:15	–	cve
Github Security Blog	SFTPGo has insufficient access control for password reset	20 Jun 202416:11	–	github

[
  {
    "vendor": "drakkan",
    "product": "sftpgo",
    "versions": [
      {
        "version": ">= 2.2.0, < 2.6.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/drakkan/sftpgo/commit/1f8ac8bfe16100b0484d6c91e1e8361687324423
github	www.github.com/drakkan/sftpgo/security/advisories/GHSA-hw5f-6wvv-xcrh

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Jun 2024 17:32Current

CVSS35.4

EPSS0.00113

CWE-287