CVE-2023-26770

Name of the Vulnerable Software and Affected Versions TaskCafe version 0.3.2

Description The issue is related to a lack of validation in the Cookie value, which allows an unauthenticated attacker who knows a registered UserID to change the password of that user. This can be exploited by attackers without authentication, posing a significant risk.

Recommendations For TaskCafe version 0.3.2, consider disabling the password reset functionality until a patch is available to prevent exploitation. Restrict access to the Cookie value to minimize the risk of unauthorized password changes. Avoid using the UserID in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.