GHSA-v46j-h43h-rwrm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v46j-h43h-rwrm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-v46j-h43h-rwrm/GHSA-v46j-h43h-rwrm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v46j-h43h-rwrm
- Aliases
- Published
- 2024-10-25T19:21:43Z
- Modified
- 2024-11-15T01:00:12Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- Autolab Misconfigured Reset Password Permissions
- Details
-
Impact
For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords.
Patches
This is fixed in v3.0.1.
Workarounds
No workarounds.
For more information
If you have any questions or comments about this advisory:
Open an issue in https://github.com/autolab/Autolab/ Email us at autolab-dev@andrew.cmu.edu
- References
Affected packages
RubyGems / Autolab
Package
- Name
- Autolab
- Purl
- pkg:gem/Autolab