GHSA-2hp9-3xfr-r9w2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2hp9-3xfr-r9w2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-2hp9-3xfr-r9w2/GHSA-2hp9-3xfr-r9w2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2hp9-3xfr-r9w2
- Aliases
- Published
- 2023-04-27T03:30:23Z
- Modified
- 2025-01-31T21:46:55.085556Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Insufficient token expiration in Serenity
- Details
-
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.
- Database specific
{ "nvd_published_at": "2023-04-27T03:15:10Z", "cwe_ids": [ "CWE-640" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-04-27T17:09:21Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-31287
- https://github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823a6e48d2
- https://github.com/serenity-is/Serenity
- https://packetstorm.news/files/id/172648
- http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html
- http://seclists.org/fulldisclosure/2023/May/14
Affected packages
NuGet / Serenity.Net.Core
Package
- Name
- Serenity.Net.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/Serenity.Net.Core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.7.0
Affected versions
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.30
5.0.31
5.0.32
5.0.33
5.0.34
5.0.35
5.0.36
5.0.37
5.0.38
5.0.39
5.0.40
5.0.41
5.0.42
5.0.43
5.0.44
5.0.45
5.0.46
5.0.47
5.0.48
5.0.49
5.0.50
5.0.51
5.1.0
5.1.1
5.1.2
5.1.3
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.1.8
6.1.9
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.6
6.4.7
6.4.8
6.4.9
6.4.10
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5
6.6.6
NuGet / Serenity.Net.Web
Package
- Name
- Serenity.Net.Web
- View open source insights on deps.dev
- Purl
- pkg:nuget/Serenity.Net.Web
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.7.0
Affected versions
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.30
5.0.31
5.0.32
5.0.33
5.0.34
5.0.35
5.0.36
5.0.37
5.0.38
5.0.39
5.0.40
5.0.41
5.0.42
5.0.43
5.0.44
5.0.45
5.0.46
5.0.47
5.0.48
5.0.49
5.0.50
5.0.51
5.1.0
5.1.1
5.1.2
5.1.3
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.1.8
6.1.9
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.6
6.4.7
6.4.8
6.4.9
6.4.10
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5
6.6.6