GHSA-2m5g-8xpw-42vp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2m5g-8xpw-42vp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2m5g-8xpw-42vp/GHSA-2m5g-8xpw-42vp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2m5g-8xpw-42vp
- Published
- 2024-05-15T18:07:44Z
- Modified
- 2024-11-29T05:39:45.615991Z
- Severity
-
- 8.9 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
- Summary
- OpenCFP Framework (Sentry) Account takeover via null password reset codes
- Details
-
OpenCFP, an open-source conference talk submission system written in PHP, contains a security vulnerability in its third-party authentication framework, Sentry, developed by Cartalyst. The vulnerability stems from how Sentry handles password reset checks. Users lacking a password reset token stored in the database default to having NULL in the resetpasswordcode column. Exploiting this flaw could allow unauthorized manipulation of any OpenCFP user's password, particularly those without an unused password reset token. Although successful login still requires correlating the numeric user ID with an email address, the identification of likely organizers (users 1-5) may facilitate this process.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-05-15T18:07:44Z" }- References
Affected packages
Packagist / cartalyst/sentry
Package
- Name
- cartalyst/sentry
- Purl
- pkg:composer/cartalyst/sentry
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected2.1.6
Affected versions
v2.*
v2.0.0-alpha1
v2.0.0-alpha2
v2.0.0-alpha3
v2.0.0-alpha4
v2.0.0-alpha5
v2.0.0-alpha6
v2.0.0-alpha7
v2.0.0-alpha8
v2.0.0-beta1
v2.0.0-beta2
v2.0.0-beta3
v2.0.0-beta4
v2.0.0-beta5
v2.0.0-beta6
v2.0.0-RC1
v2.0.0-RC2
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6