PT-2024-29621 · Apache · Apache Answer
Mohammad Reza Omrani · Published 2024-08-09 · Updated 2024-08-29 · CVE-2024-41890
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Apache Answer versions through 1.3.5
Description
In Apache Answer, a user can send multiple password reset emails, each containing a valid link. While those links are within their validity period, this could potentially lead to a link being misused or hijacked.
Recommendations
For versions through 1.3.5, upgrade to version 1.3.6 to fix the issue.
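The condition in the description does not arise when each new reset request revokes the links issued before it and a link stops working once it has been used. The Go code below is an added example of that pattern, not Apache Answer's code and not the 1.3.6 patch; `ResetStore`, `entry`, the 10-minute lifetime and the in-memory map (not safe for concurrent use) are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

type entry struct {
	userID  string
	expires time.Time
}

type ResetStore map[string]entry // hypothetical: live token -> owner and expiry

// Issue revokes the user's older links (and any expired ones) before minting a new one.
func (s ResetStore) Issue(userID string, now time.Time) (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	for tok, e := range s {
		if e.userID == userID || now.After(e.expires) {
			delete(s, tok)
		}
	}
	tok := hex.EncodeToString(buf)
	s[tok] = entry{userID, now.Add(10 * time.Minute)} // assumed link lifetime
	return tok, nil
}

// Redeem consumes a token on first use and rejects unknown or expired ones.
func (s ResetStore) Redeem(tok string, now time.Time) (string, bool) {
	e, ok := s[tok]
	delete(s, tok)
	if !ok || now.After(e.expires) {
		return "", false
	}
	return e.userID, true
}

func main() {
	s, now := ResetStore{}, time.Now()
	first, _ := s.Issue("alice", now)
	second, _ := s.Issue("alice", now) // the second request revokes the first link
	fmt.Println(s.Redeem(first, now))  // superseded link is refused
	fmt.Println(s.Redeem(second, now)) // current link is accepted once
}
```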
Weakness Enumeration
Missing Release of Resource after Effective Lifetime
Affected Products
Apache Answer