For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords.
This is fixed in v3.0.1.
No workarounds.
If you have any questions or comments about this advisory:
Open an issue in https://github.com/autolab/Autolab/ Email us at autolab-dev@andrew.cmu.edu
{ "nvd_published_at": "2024-10-25T13:15:17Z", "cwe_ids": [ "CWE-287", "CWE-863" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-10-25T19:21:43Z" }