7 matches found
ROS-20260324-73-0031
A vulnerability in the pnv_php component of the Linux operating system kernel is related to a failure to release a resource after its effective lifetime has expired. Exploitation of the vulnerability allows an attacker to cause a denial of service...
Invitation Token Circumvention
devise_invitable is vulnerable to Invitation Token Circumvention. The vulnerability is due to improper validation of the expiry period of pending invitations, allowing attackers to accept invitations indefinitely through the password reset functionality...
Possibility to circumvent the invitation token expiry period
Impact: The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the devise_invitable gem always accepts the pending invitation if the user has been invited as shown in this piece...
Design/Logic Flaw
Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the devise_invitable gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable...
CVE-2023-48220 Decidim's devise_invitable gem vulnerable to circumvention of invitation token expiry period
Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the devise_invitable gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable...
Possibility to circumvent the invitation token expiry period
Impact: The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the devise_invitable gem always accepts the pending invitation if the user has been invited as shown in this piece...
Possibility to circumvent the invitation token expiry period
Impact: The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the devise_invitable gem always accepts the pending invitation if the user has been invited as shown in this piece...