Lucene search
K

5 matches found

OSV
OSV
added 2026/05/20 3:37 p.m.8 views

GHSA-MW8F-W6P8-XRF4 wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None

Summary GHSA-mhc8-p3jx-84mm CVE-2026-43948 reported that wger's resetuserpassword and gympermissionsuseredit views in wger/gym/views/user.py performed a gym-scope authorization check using Django ORM object comparison if request.user.userprofile.gym != user.userprofile.gym which silently passes...

8.5CVSS5.7AI score
Exploits0References2
CVE
CVE
added 2026/05/12 8:47 p.m.18 views

CVE-2026-43948

Summary (CVE-2026-43948 / GHSA-mhc8-p3jx-84mm): In wger, password reset and gym-permissions edits allow a user with gym.manage_gym and gym=None to reset another gym=None user’s password and receive the plaintext password in the HTML response. Root cause: Django ORM object comparison (request.user...

9.9CVSS5.9AI score0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:47 p.m.9 views

CVE-2026-43948 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

wger is a free, open-source workout and fitness manager. Prior to 2.6, the resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker...

9.9CVSS5.9AI score0.00371EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 7:50 p.m.76 views

GHSA-MHC8-P3JX-84MM wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

Summary The resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...

9.9CVSS6AI score0.00371EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/06 7:50 p.m.10 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the resetuserpassword and gympermissionsuseredit function when both the attacker and victim have gym=None. An attacker can gain unauthorized access to another user's account, obtain their new plaintext passwor...

9.9CVSS5.8AI score0.00371EPSS
Exploits0References2
Rows per page
Query Builder