2 matches found
CVE-2020-4072
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...
CVE-2020-4072
CVE-2020-4072 affects generator-jhipster-kotlin 1.6.0. It allows log forging by creating log entries for invalid password reset attempts using a user-provided email; the issue arises in applications generated with JWT or session authentication (OAuth apps are not affected). The root cause is logg...