231 matches found
CVE-2023-4127 Race Condition within a Thread in answerdev/answer
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...
CVE-2023-4126
Affected software/component: answerdev/answer (GitHub repo). Vulnerability: Insufficient Session Expiration in the authentication/session handling mechanism. Root cause: session expiration is not sufficiently enforced, as described for versions prior to 1.1.0. Impact (per CVSS/related records): h...
CVE-2023-4126 Insufficient Session Expiration in answerdev/answer
Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0...
CVE-2023-4125 Weak Password Requirements in answerdev/answer
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0...
CVE-2023-4124 Missing Authorization in answerdev/answer
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...
answer Code Issue Vulnerability
answer is an open source knowledge-based community software. A code issue vulnerability exists in answerdev/answer versions prior to 1.1.0 that stems from a session expiration insufficiency issue that allows an attacker to reuse old session credentials or IDs for authorization...
PT-2023-27869 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.1.0 Description: The issue concerns weak password requirements in the GitHub repository answerdev/answer. Recommendations: For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue...
PT-2023-20354 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.9 Description: The issue is related to missing authorization in the GitHub repository answerdev/answer. This can lead to a user rating their own answer as the best answer. Recommendations: For versions...
CVE-2023-2590 Missing Authorization in answerdev/answer
Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9...
CVE-2023-2590
CVE-2023-2590 affects github.com/answerdev/answer. The vulnerability is described as Missing Authorization in answerdev/answer prior to version 1.0.9. Reported impacts in multiple sources indicate an ability for unauthorized actions such as a user rating their own answer as the best, reflecting a...
Answer vulnerable to Exposure of Sensitive Information Through Metadata
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 may expose sensitive information, such as EXIF data and GPS coordinates, via image metadata...
GHSA-65V8-6PVW-JWVQ Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...
Information disclosure
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8...
PT-2023-17382 · Unknown · Answerdev/Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8 Description: The issue concerns the exposure of sensitive information through metadata in the answerdev/answer GitHub repository. This exposure can include sensitive data such as EXIF data and GPS...
CVE-2023-1975 Insertion of Sensitive Information Into Sent Data in answerdev/answer
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8...
CVE-2023-1976 Password Aging with Long Expiration in answerdev/answer
Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1976
CVE-2023-1976 affects answerdev/answer (open-source knowledge-based community software). The root cause is password reset links not expiring, enabling potential account takeover for versions prior to 1.0.6. Exploitation details are not provided in the documents; impact is described as account tak...