generator-jhipster-kotlin 1.6.0 Password Reset Log neutralization for logs

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in generator-jhipster-kotlin 1.6.0. It has been classified as critical. This affects an unknown code block of the component Password Reset Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	06/26/2020 01:15 PM	10/27/2020 10:26 AM	10/27/2020 10:35 AM
name	generator-jhipster-kotlin	generator-jhipster-kotlin	generator-jhipster-kotlin
version	1.6.0	1.6.0	1.6.0
component	Password Reset Handler	Password Reset Handler	Password Reset Handler
risk	2	2	2
cvss2_vuldb_basescore	6.8	6.8	6.8
cvss2_vuldb_tempscore	6.1	6.1	6.1
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	6.3	6.3	6.3
cvss3_meta_tempscore	5.9	5.9	5.9
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.8	6.8	6.8
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
titleword	Log	Log	Log
date	1593043200 (06/25/2020)	1593043200 (06/25/2020)	1593043200 (06/25/2020)
location	GitHub Repository	GitHub Repository	GitHub Repository
url	https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-pfxf-wh96-fvjc	https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-pfxf-wh96-fvjc	https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-pfxf-wh96-fvjc
price_0day	$0-$5k	$0-$5k	$0-$5k
cve	CVE-2020-4072	CVE-2020-4072	CVE-2020-4072
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	UC	UC	UC
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss3_vuldb_rc	U	U	U
cvss3_nvd_basescore	5.3	5.3	5.3
cwe	117 (privilege escalation)	117 (privilege escalation)	117 (privilege escalation)
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	N	N	N
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	N	N	N
cvss3_nvd_i	L	L	L
cvss3_nvd_a	N	N	N
cve_assigned	1577664000	1577664000	1577664000
cve_nvd_summary	In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.	In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.	In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.
confirm_url		https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-pfxf-wh96-fvjc	https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-pfxf-wh96-fvjc
cve_cna			GitHub, Inc.

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!