A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf | Mitigation Patch Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf | Mitigation Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 06:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf - Mitigation, Patch, Vendor Advisory |
Information
Published : 2022-03-08 12:15
Updated : 2024-11-21 06:53
NVD link : CVE-2022-26313
Mitre link : CVE-2022-26313
CVE.ORG link : CVE-2022-26313
JSON object : View
Products Affected
mendix
- forgot_password
CWE