CVE-2023-31287

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-31287

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31287.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-31287

Aliases

GHSA-2hp9-3xfr-r9w2

Published

2023-04-27T03:15:10Z

Modified

2024-05-14T20:49:53Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

References

Affected packages

Git / github.com/serenity-is/serenity

Affected ranges

Type: GIT
Repo: https://github.com/serenity-is/serenity
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

11b9d267f840513d04b4f4d4876de7823a6e48d2