5 matches found
CVE-2024-45298
Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me res...
CVE-2024-45298
Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me res...
CVE-2024-45298 Disabled user can bypass lockout by requesting password reset in wiki.js
Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me res...
CVE-2024-45298
Wiki.js exposes an authentication bypass where a disabled user can regain access by abusing the password reset flow. Affected: Wiki.js 2.5.303. Root cause: password reset handling allows access despite disabled status. Remediation: upgrade to version 2.5.304 (or later). No additional exploit deta...
CVE-2024-45298 Disabled user can bypass lockout by requesting password reset in wiki.js
Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me res...