How severe is CVE-2023-3222?

CVE-2023-3222 has a CVSS v3 score of 7.5 (HIGH).

CVE-2023-3222

Name: password_recovery
Author: password_recovery_project

7.5HIGH

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-

Publicado: 9/4/2023Atualizado: 11/21/2024

Descrição

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.

Análise IADesenvolvido por IA

Produtos Afetados

password_recovery_projectpassword_recovery

1.2

Referências

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin
Third Party Advisory