Apache Answer: The link to reset the user's password will remain valid after sending a new link

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...

CVE-2024-41890

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...

CVE-2024-41890

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...

CVE-2024-41888

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...

CVE-2024-41888

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...

CVE-2024-41888 Apache Answer: The link for resetting user password is not Single-Use

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...

CVE-2024-41888

The CVE-2024-41888 issue affects Apache Answer through version 1.3.5, where the password-reset link remains valid after use (not single-use), allowing potential misuse or hijacking. The impact is limited to authentication flow abuse as described; affected components are the password reset mechani...

CVE-2024-41888 Apache Answer: The link for resetting user password is not Single-Use

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...

CVE-2024-41890

CVE-2024-41890 affects Apache Answer up to version 1.3.5. The root issue is Missing Release of Resource after Effective Lifetime: password reset links issued in succession can remain valid during the link’s validity period, enabling potential misuse or hijacking of a previously issued link. A fix...

CVE-2024-41890 Apache Answer: The link to reset the user's password will remain valid after sending a new link

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...

CVE-2024-41890 Apache Answer: The link to reset the user's password will remain valid after sending a new link

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...

PT-2024-29619 · Apache · Apache Answer

Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5 Description: The password reset link remains valid within its expiration period even after it has been used, potentially leading to misuse or hijacking. Recommendations: For Apache Answer versions through...

PT-2024-29621 · Apache · Apache Answer

Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5 Description: The issue affects Apache Answer, where a user can send multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link...

GO-2024-2580 Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer

Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer...

The vulnerability of the Apache Answer Q&A platform, related to the lack of measures taken to protect the website structure, allows attackers to execute cross-site scripting attacks.

The vulnerability of the Apache Answer Q&A platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...

GO-2024-2743 XSS vulnerability via personal website in github.com/apache/incubator-answer

XSS vulnerability via personal website in github.com/apache/incubator-answer...

GHSA-CVQR-MWH6-2VC6 Apache Answer: XSS vulnerability when changing personal website

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'/XSS vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in...

Apache Answer: XSS vulnerability when changing personal website

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'/XSS vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in...

CVE-2024-29217

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...

CVE-2024-29217

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the...