Lucene search
ApacheVULNRICHMENT:CVE-2024-41888HistoryAug 09, 2024 - 2:55 p.m.
CVE-2024-41888 Apache Answer: The link for resetting user password is not Single-Use
2024-08-0914:55:14
CWE-772
apache
github.com
3
cve-2024-41888
apache answer
password reset
vulnerability
resource release
upgrade
version 1.3.6
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
38.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked.
Users are recommended to upgrade to version 1.3.6, which fixes the issue.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Answer",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "1.3.5"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
Apache Answer: The link for resetting user password is not Single-Use
2024-08-12 15:30:50
Apache Answer: The link for resetting user password is not Single-Use in github.com/apache/incubator-answer
2024-08-13 23:22:02
CVE-2024-41888
2024-08-12 13:38:31
veracode
veracode
Resource Leakage
2024-08-13 05:15:00
github
github
Apache Answer: The link for resetting user password is not Single-Use
2024-08-12 15:30:50
cve
cve
CVE-2024-41888
2024-08-12 13:38:31
cvelist
cvelist
nvd
nvd
CVE-2024-41888
2024-08-12 13:38:31
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
38.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-41888