CVE-2024-41888
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published: Aug 12, 2024
Updated: Aug 29, 2024
CWE ID 772
Summary
CVE-2024-41888 is a Missing Release of Resource after Effective Lifetime vulnerability identified in Apache Answer. Affecting versions up to 1.3.5, this issue allows the password reset link to remain active beyond its intended expiration period. An attacker could potentially exploit this vulnerability to misuse or hijack the link, leading to unauthorized access. Users are strongly advised to upgrade to Apache Answer version 1.3.6 to mitigate this risk and resolve the issue.
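A generic sketch of the control this weakness class calls for, added here as an example and not taken from Apache Answer's code or its 1.3.6 fix: a reset-token store that enforces expiry and releases every token on first lookup. The `ResetStore` type, its methods and the 15-minute lifetime are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sync"
	"time"
)

type ResetStore struct { // hypothetical in-memory store; keeps only token digests
	mu      sync.Mutex
	ttl     time.Duration
	expires map[[32]byte]time.Time // SHA-256(token) -> expiry
}

func NewResetStore(ttl time.Duration) *ResetStore {
	return &ResetStore{ttl: ttl, expires: map[[32]byte]time.Time{}}
}

// Issue returns a fresh random token that is valid until now+ttl.
func (s *ResetStore) Issue(now time.Time) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := hex.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.expires[sha256.Sum256([]byte(token))] = now.Add(s.ttl)
	return token, nil
}

// Redeem deletes the record on every lookup: single use, no lingering expired entry.
func (s *ResetStore) Redeem(token string, now time.Time) bool {
	key := sha256.Sum256([]byte(token))
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.expires[key]
	delete(s.expires, key)
	return ok && now.Before(exp)
}

func main() {
	s, t0 := NewResetStore(15*time.Minute), time.Now() // constructed TTL
	tok, _ := s.Issue(t0)
	fmt.Println(s.Redeem(tok, t0.Add(time.Minute)), s.Redeem(tok, t0.Add(time.Minute)))
}
```

The lifetime check runs on the server at redemption time, so a link that was never clicked is rejected once its expiry passes, and a link that was clicked cannot be replayed.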
Affected Vendors
- Apache Software Foundation