Lucene search

PRIOn knowledge basePRION:CVE-2019-16303

HistorySep 14, 2019 - 12:15 a.m.

Default credentials

2019-09-1400:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.6%

JSON

A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.

CPENameOperatorVersion
jhipsterlt6.3.0
jhipster_kotlinle1.1.0

CPE	Name	Operator	Version
	jhipster	lt	6.3.0
	jhipster_kotlin	le	1.1.0

References

github.com/jhipster/generator-jhipster/commit/88448b85fd3e8e49df103f0061359037c2c68ea7

github.com/jhipster/generator-jhipster/issues/10401

github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c

github.com/jhipster/jhipster-kotlin/issues/183

lists.apache.org/thread.html/r6d243e7e3f25daeb242dacf3def411fba32a9388d3ff84918cb28ddd@%3Cissues.commons.apache.org%3E

lists.apache.org/thread.html/rc3f00f5d3d2ec0e2381a3b9096d5f5b4d46ec1587ee7e251a3dbb897@%3Cissues.commons.apache.org%3E

lists.apache.org/thread.html/rc87fa35a48b5d70b06af6fb81785ed82e82686eb83307aae6d250dc9@%3Cissues.commons.apache.org%3E

www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html