An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.
CVE-2023-26984 Vulnerability Explanation: An issue in the password reset function of Peppermint v024 allows attackers to access the emails and passwords of the Tickets page via a crafted request Attack Vectors: The attacker had to log in with the user role and reset the password Then intercept the traffic and change the id to admin role or another user (An attacker can see