Improper Authentication
ibexa/user is vulnerable to improper authentication. The vulnerability is due to an error in the password validation logic during the transition from v4 to v5, which allows an attacker to change the account password without knowing the previous password by exploiting an active authenticated sessi...