CVE-2020-14423

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-14423
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14423.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14423
Published
2020-06-18T14:15:11Z
Modified
2024-09-03T03:14:32.578914Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations.

References

Affected packages

Git / github.com/convos-chat/convos

Affected ranges

Type
GIT
Repo
https://github.com/convos-chat/convos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.99.35
v0.99_21
v0.99_22
v0.99_23
v0.99_25
v0.99_26
v0.99_27
v0.99_28
v0.99_29
v0.99_30
v0.99_31
v0.99_32
v0.99_33
v0.99_34
v0.99_36
v0.99_37
v0.99_38
v0.99_39
v0.99_40

v1.*

v1.00
v1.01
v1.02

v2.*

v2.00

v3.*

v3.00
v3.01
v3.02
v3.03
v3.04
v3.05
v3.06
v3.08
v3.09
v3.10
v3.11
v3.12

v4.*

v4.00
v4.01
v4.02
v4.03
v4.04
v4.05
v4.06
v4.07
v4.08
v4.09
v4.10
v4.11
v4.12
v4.13
v4.14
v4.15
v4.16
v4.18
v4.19