Lucene search
ApacheVULNRICHMENT:CVE-2024-41890HistoryAug 09, 2024 - 2:53 p.m.
CVE-2024-41890 Apache Answer: The link to reset the user's password will remain valid after sending a new link
2024-08-0914:53:28
CWE-772
apache
github.com
5
cve-2024-41890
apache answer
password reset
vulnerability
upgrade
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
38.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
User sends multiple password reset emails, each containing a valid link. Within the link’s validity period, this could potentially lead to the link being misused or hijacked.
Users are recommended to upgrade to version 1.3.6, which fixes the issue.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Answer",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "1.3.5"
}
],
"defaultStatus": "unaffected"
}
]Related
veracode
veracode
Missing Release Of Resource After Effective Lifetime
2024-08-13 06:19:41
cvelist
cvelist
nvd
nvd
CVE-2024-41890
2024-08-12 13:38:31
github
github
osv
osv
cve
cve
CVE-2024-41890
2024-08-12 13:38:31
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
38.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-41890