Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked.
Users are recommended to upgrade to version 1.3.6, which fixes the issue.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9 | Mailing List Vendor Advisory |
http://www.openwall.com/lists/oss-security/2024/08/09/4 |
Configurations
History
21 Nov 2024, 09:33
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Aug 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:* | |
References | () https://lists.apache.org/thread/j7c080xj31x8rvz1pyk2h47rdd9pwbv9 - Mailing List, Vendor Advisory | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Apache answer
Apache |
12 Aug 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-11-21 09:33
NVD link : CVE-2024-41890
Mitre link : CVE-2024-41890
CVE.ORG link : CVE-2024-41890
JSON object : View
Products Affected
apache
- answer
CWE
CWE-772
Missing Release of Resource after Effective Lifetime