MEDIUM🇬🇧 English

CVE-2020-4072

CVSS 5.3v3.1pub. 2020-06-25upd. 2024-11-21

In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  • Jhipster Generator Jhipster Kotlin

    APP
    Jhipster
    < 1.7.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-16303CRITICAL9.8ten sam vendor

A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code th...

CVE-2015-20110HIGH7.5ten sam vendor

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string compari...

CVE-2022-24815HIGH8.1ten sam vendor

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservi...