Lucene search
+L

4 matches found

NVD
NVD
added 2020/06/25 8:15 p.m.25 views

CVE-2020-4072

In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...

5.3CVSS0.01214EPSS
Exploits0References4
CVE
CVE
added 2020/06/25 8:5 p.m.48 views

CVE-2020-4072

CVE-2020-4072 affects generator-jhipster-kotlin 1.6.0. It allows log forging by creating log entries for invalid password reset attempts using a user-provided email; the issue arises in applications generated with JWT or session authentication (OAuth apps are not affected). The root cause is logg...

5.3CVSS5.2AI score0.01214EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/06/25 8:5 p.m.25 views

CVE-2020-4072 Log Forging in generator-jhipster-kotlin

In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...

5.3CVSS5.3AI score0.01214EPSS
Exploits0References4
Node.js
Node.js
added 2019/09/26 9:27 p.m.30 views

Cryptographically Weak PRNG

Overview All versions of generator-jhipster-kotlin use a Cryptographically Weak PRNG that may lead to account takeover. The package uses a cryptographically insecure method to generate password reset links, which allows an attacker to guess password reset links and takeover accounts. Recommendati...

7.5CVSS2.1AI score0.03673EPSS
Exploits1Affected Software1
Rows per page
Query Builder