Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked.
Users are recommended to upgrade to version 1.3.6, which fixes the issue.
References
| Link | Resource |
|---|---|
| https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4 | Mailing List Vendor Advisory |
Configurations
History
29 Aug 2024, 12:55
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Apache answer
Apache |
|
| References | () https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4 - Mailing List, Vendor Advisory | |
| CPE | cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
| Summary |
|
12 Aug 2024, 13:41
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-08-29 12:55
NVD link : CVE-2024-41888
Mitre link : CVE-2024-41888
CVE.ORG link : CVE-2024-41888
JSON object : View
Products Affected
apache
- answer
CWE
CWE-772
Missing Release of Resource after Effective Lifetime