CVE-2024-30262

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Apr 9, 2024
Updated: Apr 10, 2024
CWE ID 613
CWE ID 384

Summary

CVE-2024-30262 is a vulnerability in the Contao content management system. Versions prior to 4.13.40 are affected. When a frontend member changes their password in the personal data or password lost module, the remember-me tokens associated with their account are not removed, leaving it vulnerable to compromise. Even if the password is changed, an attacker with a remember-me token can still gain control over the account. To remediate this issue, update to version 4.13.40 or disable "Allow auto login" in the login module as a temporary workaround. The vulnerability has a base score of 5.9 (medium severity) and poses a high risk to confidentiality and low risk to integrity.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-30262 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options