PT-2024-29619 · Apache · Apache Answer

·

CVE-2024-41888

·

Published

2024-08-09

·

Updated

2024-08-29

CVSS v4.0

6.3

Medium

VectorAV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Apache Answer versions through 1.3.5
Description The password reset link remains valid within its expiration period even after it has been used, potentially leading to misuse or hijacking.
Recommendations For Apache Answer versions through 1.3.5, upgrade to version 1.3.6 to fix the issue.

Exploit

Fix

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2024-41888
GHSA-V3X9-WRQ5-868J
GO-2024-3065

Affected Products

Apache Answer