Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-2hp9-3xfr-r9w2: Insufficient token expiration in Serenity

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

ghsa
Open in Source
#web#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-31287

Insufficient token expiration in Serenity

Moderate severity GitHub Reviewed Published Apr 27, 2023 to the GitHub Advisory Database • Updated Apr 27, 2023

Package

nuget Serenity.Net.Core (NuGet)

Affected versions

< 6.7.0

nuget Serenity.Net.Web (NuGet)

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-31287
  • serenity-is/Serenity@11b9d26

Published to the GitHub Advisory Database

Apr 27, 2023

Last updated

Apr 27, 2023

Related news

Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens

Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.

CVE-2023-31287: :up: 6.7.0 · serenity-is/Serenity@11b9d26

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution
ghsa