GHSA-v46j-h43h-rwrm

Suggest an improvement
Source
https://github.com/advisories/GHSA-v46j-h43h-rwrm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-v46j-h43h-rwrm/GHSA-v46j-h43h-rwrm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v46j-h43h-rwrm
Aliases
Published
2024-10-25T19:21:43Z
Modified
2024-10-25T19:27:15.273559Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
Autolab Misconfigured Reset Password Permissions
Details

Impact

For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords.

Patches

This is fixed in v3.0.1.

Workarounds

No workarounds.

For more information

If you have any questions or comments about this advisory:

Open an issue in https://github.com/autolab/Autolab/ Email us at autolab-dev@andrew.cmu.edu

References

Affected packages

RubyGems / Autolab

Package

Name
Autolab
Purl
pkg:gem/Autolab

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.1

Affected versions

3.*

3.0.0