CVE-2024-7659

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7659

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7659.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7659

Published

2024-08-12T13:38:49Z

Modified

2025-05-28T10:27:46.297955Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version r1720 is able to address this issue. The name of the patch is aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/projectsend/projectsend

Affected ranges

Type: GIT
Repo: https://github.com/projectsend/projectsend
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

01892437a4b133f84864b0fb83ddf85efac2d5a9

Fixed

aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17

Affected versions

Other

Stable

r1053

r1070

r1270

r1295

r1335

r1415

r1420

r1584

r1605

r559

r753

r754

r756