PT-2019-11959 · Contao · Contao

Ali Razzaq

·

Publicado

2019-04-17

·

Atualizado

2022-05-13

·

CVE-2019-10643

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Contao version 4.7
Description The issue allows the use of a key past its expiration date. A security researcher discovered that confirming an opt-in token does not invalidate previous opt-in tokens.
Recommendations For Contao version 4.7, update the opt-in token validation process to invalidate previous tokens upon confirmation of a new token. As a temporary workaround, consider implementing additional validation checks to ensure that expired keys are not used.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287CWE-324

Identificadores relacionados

CVE-2019-10643
GHSA-J99G-QJVX-995G

Produtos afetados

Contao