1. Home
  2. CVE Database
  3. CVE-2024-50356
NONE · 0.0

CVE-2024-50356

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the mai...

Vulnerability Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Only users who have enabled 2FA are affected. Commit ba0007c28ac814260f836849bc07d29beea7deb6 patches this bug.

CVSS Score

0.0

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
NONE

Related Weaknesses (CWE)

CWE-640

References

FAQ

What is CVE-2024-50356?

CVE-2024-50356 is a vulnerability with a CVSS score of 0.0 (NONE). Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the mai...

How severe is CVE-2024-50356?

CVE-2024-50356 has been rated NONE with a CVSS base score of 0.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-50356?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.