EUVD-2020-28505

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

OpenCRX versions 4.30 and 5.0 prior to 5.0-20200904 have an unverified password change vulnerability.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2020-7378	24 Nov 202020:46	–	circl
CNNVD	Crixp Opencrx License Issue Vulnerability	24 Nov 202000:00	–	cnnvd
CVE	CVE-2020-7378	24 Nov 202016:35	–	cve
Cvelist	CVE-2020-7378 CRIXP OpenCRX Unverified Password Change	24 Nov 202016:35	–	cvelist
NVD	CVE-2020-7378	24 Nov 202017:15	–	nvd
OSV	CVE-2020-7378	24 Nov 202017:15	–	osv
Prion	Design/Logic Flaw	24 Nov 202017:15	–	prion
Rapid7 Blog	CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)	24 Nov 202014:39	–	rapid7blog

[
  {
    "enisaIdVendor": [
      {
        "id": "722d0377-a79d-33e6-b749-c00dfa1cd176",
        "vendor": {
          "name": "CRIXP"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5af3c210-2e01-39ab-b111-c137ad0ced3d",
        "product": {
          "name": "OpenCRX"
        },
        "product_version": "5.0-20200717 ≤5.0-20200717"
      },
      {
        "id": "ae1b941a-6d76-3057-8fe3-20700a106ce3",
        "product": {
          "name": "OpenCRX"
        },
        "product_version": "4.30 ≤4.30"
      }
    ]
  }
]

Source	Link
blog	www.blog.rapid7.com/2020/11/24/cve-2020-7378-opencrx-unverified-password-change/
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

9High risk

Vulners AI Score9

CVSS 3.19.1

CVSS 26.4

EPSS0.08686