PT-2018-13976 · Enalean · Tuleap

Swapnil Jain

·

Published

2018-09-21

·

Updated

2019-01-29

·

CVE-2018-17298

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Enalean Tuleap versions prior to 10.5
Description An issue was discovered where reset password links are not invalidated after a user changes their password.
Recommendations For versions prior to 10.5, update to version 10.5 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2018-17298

Affected Products

Tuleap