Autolab Misconfigured Reset Password Permissions
Description
Published by the National Vulnerability Database
Oct 25, 2024
Published to the GitHub Advisory Database
Oct 25, 2024
Reviewed
Oct 25, 2024
Last updated
Nov 15, 2024
Impact
For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords.
Patches
This is fixed in v3.0.1.
Workarounds
No workarounds.
For more information
If you have any questions or comments about this advisory:
Open an issue in https://github.com/autolab/Autolab/
Email us at autolab-dev@andrew.cmu.edu
References