How severe is CVE-2024-6890?

CVE-2024-6890 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-6890

Name: journyx
Author: journyx

8.8HIGH

Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administra

Опубликовано: 8/7/2024Обновлено: 11/21/2024

Описание

Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.

ИИ-АнализНа базе ИИ

Затронутые продукты

journyxjournyx

11.5.4

Ссылки

https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt
ExploitThird Party Advisory
http://seclists.org/fulldisclosure/2024/Aug/5