CVE-2023-1976
Published 2023-04-11
CVE-2023-1976: Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6.
Priority: P3 · 41 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.61% (44.6th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| answer | answer | < 1.0.6 | 1.0.6 |
| answerdev | answerdev_answer | >= unspecified < 1.0.6 | 1.0.6 |
| github.com | answerdev_answer | >= 0 < 1.0.6 | 1.0.6 |
CVSS provenance
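| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 4.6 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L |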
OSV
Answer vulnerable to account takeover because password reset links do not expire in github.com/answerdev/answer
osv·2024-08-20
CVE-2023-1976 Answer vulnerable to account takeover because password reset links do not expire in github.com/answerdev/answer
OSV
Answer vulnerable to account takeover because password reset links do not expire
osv·2023-04-11
CVE-2023-1976 [HIGH] Answer vulnerable to account takeover because password reset links do not expire
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.6 is vulnerable to account takeover because the password reset link does not expire.
GHSA
Answer vulnerable to account takeover because password reset links do not expire
ghsa·2023-04-11
CVE-2023-1976 [HIGH] CWE-263 Answer vulnerable to account takeover because password reset links do not expire
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.6 is vulnerable to account takeover because the password reset link does not expire.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-04-11