generator-jhipster-kotlin 1.6.0 Password Reset Handler log injection (improper output neutralization for logs)


A vulnerability was found in generator-jhipster-kotlin 1.6.0 (GHSA-pfxf-wh96-fvjc, CVE-2020-4072). VulDB rates the risk as 2 (medium); the CVSS v3 meta base score is 6.3, the NVD base score 5.3. It affects an unknown code block of the component Password Reset Handler: the public password reset API writes the user-supplied email address into the application log when a reset is requested for an unknown account, without neutralizing it, so an attacker who embeds line breaks in the "email" can forge log entries (CWE-117, Improper Output Neutralization for Logs). Only applications generated with jwt or session authentication are affected; applications generated with oauth are not. Upgrading to version 1.7.0 eliminates this vulnerability.

Field history: three revisions of this entry exist (06/26/2020 01:15 PM, 10/27/2020 10:26 AM, 10/27/2020 10:35 AM). Every field below carried the same value in all three revisions unless a revision is noted.

name: generator-jhipster-kotlin
version: 1.6.0
component: Password Reset Handler
risk: 2
cvss2_vuldb_basescore: 6.8
cvss2_vuldb_tempscore: 6.1
cvss2_vuldb_av: N
cvss2_vuldb_ac: M
cvss2_vuldb_au: N
cvss2_vuldb_ci: P
cvss2_vuldb_ii: P
cvss2_vuldb_ai: P
(CVSS v2 vector AV:N/AC:M/Au:N/C:P/I:P/A:P)
cvss3_meta_basescore: 6.3
cvss3_meta_tempscore: 5.9
cvss3_vuldb_basescore: 7.3
cvss3_vuldb_tempscore: 6.8
cvss3_vuldb_av: N
cvss3_vuldb_ac: L
cvss3_vuldb_pr: N
cvss3_vuldb_ui: N
cvss3_vuldb_s: U
cvss3_vuldb_c: L
cvss3_vuldb_i: L
cvss3_vuldb_a: L
(CVSS v3 VulDB vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
titleword: Log
date: 1593043200 (06/25/2020)
location: GitHub Repository
url: https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-pfxf-wh96-fvjc
price_0day: $0-$5k
cve: CVE-2020-4072
cvss2_vuldb_e: ND
cvss2_vuldb_rl: ND
cvss2_vuldb_rc: UC
cvss3_vuldb_e: X
cvss3_vuldb_rl: X
cvss3_vuldb_rc: U
cvss3_nvd_basescore: 5.3
cwe: 117 (Improper Output Neutralization for Logs)
cvss3_nvd_av: N
cvss3_nvd_ac: L
cvss3_nvd_pr: N
cvss3_nvd_ui: N
cvss3_nvd_s: U
cvss3_nvd_c: N
cvss3_nvd_i: L
cvss3_nvd_a: N
(CVSS v3 NVD vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
cve_assigned: 1577664000 (12/30/2019)
cve_nvd_summary: In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.
confirm_url: https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-pfxf-wh96-fvjc (present from the 10/27/2020 10:26 AM revision on)
cve_cna: GitHub, Inc. (present from the 10/27/2020 10:35 AM revision on)
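The NVD summary above states the whole mechanism in two sentences: the reset endpoint is public, the email is attacker-controlled, and it is written into a line-oriented log. The following Python is an added example that models that failure branch; it is not code from generator-jhipster-kotlin (whose generated applications are Kotlin/Spring Boot) nor from the advisory. The log line layout, the logger name `c.e.w.rest.AccountResource`, the message wording in `RESET_MSG` and the attacker input `FORGED_EMAIL` are all constructed for the demonstration; `neutralize` is the kind of CWE-117 mitigation a maintainer would apply, not the project's actual 1.7.0 fix.

```python
import io
import logging
import re

# Log line layout modelled on a Spring Boot console appender with the timestamp
# dropped so that output is deterministic. Layout, logger name and message wording
# are assumptions for this example, not the generator's actual template.
LINE_FORMAT = "%(levelname)s %(name)s - %(message)s"
RESET_MSG = "Password reset requested for non existing mail '%s'"

# Constructed attacker input: the quote closes the real message, the newline
# starts a second, fully formed line that reads as a successful password change.
FORGED_EMAIL = (
    "nobody@example.com'\n"
    "INFO  c.e.s.UserService - Password changed for user 'admin"
)

# Escape marker that the hardened handler leaves behind; its presence in a stored
# line means somebody tried to inject control characters.
ESCAPED_CONTROL_RE = re.compile(r"\\(?:r|n|x[0-9a-f]{2})")


def _make_logger(name):
    """Fresh logger writing to an in-memory buffer (no handlers inherited from root)."""
    buf = io.StringIO()
    logger = logging.Logger(name, level=logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter(LINE_FORMAT))
    logger.addHandler(handler)
    return logger, buf


def neutralize(value, max_len=254):
    """CWE-117 mitigation: an untrusted value written to a line-oriented log must not
    be able to start a new line or carry terminal escapes. CR, LF and the remaining
    C0 control characters (plus DEL) become visible escapes; the length is bounded so
    an oversized 'email' cannot flood the log either (254 is the RFC 5321 mailbox cap)."""
    out = []
    for ch in value[:max_len]:
        if ch == "\r":
            out.append("\\r")
        elif ch == "\n":
            out.append("\\n")
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\x%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def request_password_reset(email, registered_emails, neutralized):
    """Model of the reset handler's failure branch: the email is unknown, so the
    attempt is logged. neutralized=False reproduces the 1.6.0 behaviour the advisory
    describes (raw email in the log); neutralized=True is the hardened variant.
    Returns the log text the request produced."""
    logger, buf = _make_logger("c.e.w.rest.AccountResource")
    if email not in registered_emails:
        shown = neutralize(email) if neutralized else email
        logger.warning(RESET_MSG, shown)
    return buf.getvalue()


def log_lines(text):
    """Split the log the way a line-oriented collector (tail, filebeat, grep) would."""
    return [line for line in text.splitlines() if line]


def injection_attempts(text):
    """Detection side: with neutralization in place the escaped control characters
    stay inside the message, so the attempt itself becomes a searchable indicator."""
    return [line for line in log_lines(text) if ESCAPED_CONTROL_RE.search(line)]


if __name__ == "__main__":
    known = {"alice@example.com"}
    print("--- 1.6.0 behaviour: two lines, the second one forged ---")
    print(request_password_reset(FORGED_EMAIL, known, neutralized=False), end="")
    print("--- hardened: one line, attempt visible as \\n ---")
    print(request_password_reset(FORGED_EMAIL, known, neutralized=True), end="")
```

Two things the run makes concrete. First, in the vulnerable variant the forged `INFO ... Password changed for user 'admin'` line is indistinguishable from a genuine one to anything that consumes the log line by line, which is why `injection_attempts` finds nothing there: the forgery can only be detected before the log is written, not after. Second, neutralization alone keeps the entry well formed but does not stop the probe, so a search for the escape markers is a cheap alert on who is trying.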
