Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-26984

Published: 29/03/2023 Updated: 05/04/2023
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Peppermint

Vulnerability Summary

An issue in the password reset function of Peppermint v0.2.4 allows malicious users to access the emails and passwords of the Tickets page via a crafted request.

Vulnerable Product Search on Vulmon Subscribe to Product

peppermint peppermint 0.2.4

Github Repositories

https://github.com/bypazs/CVE-2023-26984

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.

CVE-2023-26984 Vulnerability Explanation: An issue in the password reset function of Peppermint v024 allows attackers to access the emails and passwords of the Tickets page via a crafted request Attack Vectors: The attacker had to log in with the user role and reset the password Then intercept the traffic and change the id to admin role or another user (An attacker can see

References

CWE-639https://github.com/Peppermint-Lab/peppermint/tree/masterhttps://github.com/bypazs/CVE-2023-26984https://peppermint.sh/https://nvd.nist.govhttps://github.com/bypazs/CVE-2023-26984
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook