Vulnerability Description
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Serenity | Serene | < 6.7.0 |
| Serenity | Startsharp | < 6.7.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Up
- http://seclists.org/fulldisclosure/2023/May/14
- https://github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823PatchVendor Advisory
- http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Up
- http://seclists.org/fulldisclosure/2023/May/14
- https://github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823PatchVendor Advisory
- https://packetstorm.news/files/id/172648
FAQ
What is CVE-2023-31287?
CVE-2023-31287 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid e...
How severe is CVE-2023-31287?
CVE-2023-31287 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31287?
Check the references section above for vendor advisories and patch information. Affected products include: Serenity Serene, Serenity Startsharp.