The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0
References
Link | Resource |
---|---|
https://github.com/FlexSolution/AlfrescoResetPassword/commit/5927b9651356c4cd952cb9b485292583d305b47c | Patch Third Party Advisory |
https://github.com/FlexSolution/AlfrescoResetPassword/security/advisories/GHSA-xrc8-fjp4-h4fv | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-09-18T17:55:14
Updated: 2020-09-18T17:55:14
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15181
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-18T18:15:16.770
Modified: 2021-11-18T17:51:30.387
Link: CVE-2020-15181
JSON object: View
Redhat Information
No data.