PT-2024-29619 · Apache · Apache Answer
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Apache Answer versions through 1.3.5
Description
The password reset link remains valid within its expiration period even after it has been used, potentially leading to misuse or hijacking.
Recommendations
For Apache Answer versions through 1.3.5, upgrade to version 1.3.6 to fix the issue.
Exploit
Fix
Missing Release of Resource after Effective Lifetime
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Answer