Vulnerability Description
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Anuko | Time Tracker | <= 1.19.23.5311 |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/160051/Anuko-Time-Tracker-1.19.23.5311-Pas (Third Party Advisory, VDB Entry)
- https://www.anuko.com/time-tracker/index.htm (Product, Vendor Advisory)
FAQ
What is CVE-2020-27422?
CVE-2020-27422 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.
How severe is CVE-2020-27422?
CVE-2020-27422 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-27422?
Check the references section above for vendor advisories and patch information. Affected products include: Anuko Time Tracker.