PT-2023-14435 · Gnuboard · Gnuboard
Publicado
2023-02-20
·
Atualizado
2025-03-18
·
CVE-2022-44216
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Gnuboard versions 5.5.4 through 5.5.5
Description
The issue allows an attacker to change the password of all users without knowing the victim's original password, due to insecure permissions.
Recommendations
For versions 5.5.4 and 5.5.5, consider restricting access to password change functionality until a fix is available.
As a temporary workaround, restrict the ability to change passwords for all users to minimize the risk of exploitation.
Correção
Missing Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gnuboard