CVE-2020-14423
- Source
- https://cve.org/CVERecord?id=CVE-2020-14423
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14423.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-14423
- Published
- 2020-06-18T14:15:11.107Z
- Modified
- 2026-02-18T07:21:38.235994Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOSLOCALSECRET value, affecting password resets and invitations.
- References
Affected packages
Git / github.com/convos-chat/convos
Affected ranges
- Type
- GIT
- Repo
- https://github.com/convos-chat/convos
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.99.35
v0.99_21
v0.99_22
v0.99_23
v0.99_25
v0.99_26
v0.99_27
v0.99_28
v0.99_29
v0.99_30
v0.99_31
v0.99_32
v0.99_33
v0.99_34
v0.99_36
v0.99_37
v0.99_38
v0.99_39
v0.99_40
v1.*
v1.00
v1.01
v1.02
v2.*
v2.00
v3.*
v3.00
v3.01
v3.02
v3.03
v3.04
v3.05
v3.06
v3.08
v3.09
v3.10
v3.11
v3.12
v4.*
v4.00
v4.01
v4.02
v4.03
v4.04
v4.05
v4.06
v4.07
v4.08
v4.09
v4.10
v4.11
v4.12
v4.13
v4.14
v4.15
v4.16
v4.18
v4.19