PT-2024-29619 · Apache · Apache Answer
Mohammad Reza Omrani · Published 2024-08-09 · Updated 2024-08-29
CVE-2024-41888
| CVSS v4.0 | 6.3 (Medium) |
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Apache Answer versions through 1.3.5
Description
The password reset link remains valid within its expiration period even after it has been used, potentially leading to misuse or hijacking.
Recommendations
For Apache Answer versions through 1.3.5, upgrade to version 1.3.6 to fix the issue.
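An added Go sketch of the flaw class in the Description (not Apache Answer's code or its 1.3.6 patch): a hypothetical in-memory `resetStore` whose `Redeem` either checks only expiry, so a used token can be replayed, or deletes the token under the same lock as the lookup, making it single-use. The type and method names and the sample user are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"sync"
	"time"
)

// Hypothetical in-memory reset-token store (names assumed, not Apache Answer code).
type entry struct{ userID string; expires time.Time }

type resetStore struct {
	mu     sync.Mutex
	tokens map[string]entry
}

func (s *resetStore) Issue(userID string, ttl time.Duration) string {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		panic(err) // no secure randomness: refuse to issue
	}
	tok := fmt.Sprintf("%x", buf)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.tokens[tok] = entry{userID, time.Now().Add(ttl)}
	return tok
}

// Redeem with singleUse=false checks only expiry, so a used token stays valid.
// With singleUse=true the token is deleted under the same lock as the lookup.
func (s *resetStore) Redeem(tok string, singleUse bool) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.tokens[tok]
	if singleUse {
		delete(s.tokens, tok) // consumed on first presentation, valid or not
	}
	if !ok || time.Now().After(e.expires) {
		return "", false
	}
	return e.userID, true
}

func main() {
	s := &resetStore{tokens: map[string]entry{}}
	tok := s.Issue("user-1", time.Minute) // constructed sample user
	fmt.Println(s.Redeem(tok, true))      // first use
	fmt.Println(s.Redeem(tok, true))      // replay of the same token
}
```

Doing the lookup and the delete inside one critical section is what prevents two concurrent requests from both redeeming the same token.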
Fix
Weakness Enumeration
Missing Release of Resource after Effective Lifetime
Affected Products
Apache Answer