Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-2hp9-3xfr-r9w2: Insufficient token expiration in Serenity

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

ghsa
#web#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-31287

Insufficient token expiration in Serenity

Moderate severity GitHub Reviewed Published Apr 27, 2023 to the GitHub Advisory Database • Updated Apr 27, 2023

Package

nuget Serenity.Net.Core (NuGet)

Affected versions

< 6.7.0

nuget Serenity.Net.Web (NuGet)

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-31287
  • serenity-is/Serenity@11b9d26

Published to the GitHub Advisory Database

Apr 27, 2023

Last updated

Apr 27, 2023

Related news

Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens

Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.

CVE-2023-31287: :up: 6.7.0 · serenity-is/Serenity@11b9d26

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection