generator-jhipster-kotlin 1.6.0 Password Reset Log neutralization for logs


A vulnerability was found in generator-jhipster-kotlin 1.6.0. It has been classified as critical. It affects an unknown code block of the component Password Reset Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

Analysis of the timeline helps to identify the approach required for handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, making it possible to initiate immediate vulnerability response and to prioritize issues.


| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10561937 | 10/27/2020 | VulD... | cve_cna | GitHub, Inc. | nvd.nist.gov | 10/27/2020 | accepted | 70 |
| 10561936 | 10/27/2020 | VulD... | confirm_url | https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-pfxf-wh96-fvjc | cve.mitre.org | 10/27/2020 | accepted | 70 |
| 10201742 | 06/26/2020 | VulD... | cve_nvd_summary | In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0. | mitre.org | 06/26/2020 | accepted | 100 |
| 10201741 | 06/26/2020 | VulD... | cve_assigned | 1577664000 | mitre.org | 06/26/2020 | accepted | 100 |
| 10201734 | 06/26/2020 | VulD... | cvss3_nvd_a | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201733 | 06/26/2020 | VulD... | cvss3_nvd_i | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201732 | 06/26/2020 | VulD... | cvss3_nvd_c | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201731 | 06/26/2020 | VulD... | cvss3_nvd_s | U | nist.gov | 06/26/2020 | accepted | 100 |
| 10201730 | 06/26/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201729 | 06/26/2020 | VulD... | cvss3_nvd_pr | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201728 | 06/26/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 06/26/2020 | accepted | 100 |
| 10201727 | 06/26/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 06/26/2020 | accepted | 100 |
| 10201705 | 06/26/2020 | VulD... | cwe | 117 (privilege escalation) |  | 06/26/2020 | accepted | 100 |
| 10201749 | 06/26/2020 | VulD... | cvss3_nvd_basescore | 5.3 | nist.gov | 06/26/2020 | accepted | 90 |
| 10201748 | 06/26/2020 | VulD... | cvss3_vuldb_rc | U |  | 06/26/2020 | accepted | 90 |
| 10201747 | 06/26/2020 | VulD... | cvss3_vuldb_rl | X |  | 06/26/2020 | accepted | 90 |
| 10201746 | 06/26/2020 | VulD... | cvss3_vuldb_e | X |  | 06/26/2020 | accepted | 90 |
| 10201745 | 06/26/2020 | VulD... | cvss2_vuldb_rc | UC |  | 06/26/2020 | accepted | 90 |
| 10201744 | 06/26/2020 | VulD... | cvss2_vuldb_rl | ND |  | 06/26/2020 | accepted | 90 |
| 10201743 | 06/26/2020 | VulD... | cvss2_vuldb_e | ND |  | 06/26/2020 | accepted | 90 |
