How severe is CVE-2023-3222?

CVE-2023-3222 has a CVSS v3 score of 7.5 (HIGH).

CVE-2023-3222

Name: password_recovery
Author: password_recovery_project

7.5HIGH

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-

发布于: 9/4/2023更新于: 11/21/2024

描述

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.

AI分析AI驱动

受影响产品

password_recovery_projectpassword_recovery

1.2

参考资料

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin
Third Party Advisory