CVE-2024-7659

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-7659
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7659.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-7659
Published
2024-08-12T13:38:49Z
Modified
2025-05-28T10:27:46.297955Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

A vulnerability, classified as problematic, was found in projectsend up to r1605. It affects the function generaterandomstring in the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. The attack can be launched remotely. The complexity of an attack is rather high, and exploitation is reported to be difficult. Upgrading to version r1720 addresses this issue. The patch is named aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. Upgrading the affected component is recommended.

Affected packages

Git / github.com/projectsend/projectsend

Affected ranges

Type
GIT
Repo
https://github.com/projectsend/projectsend
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

Stable
r1053
r1070
r1270
r1295
r1335
r1415
r1420
r1584
r1605
r559
r753
r754
r756