CVE-2020-27422

Critical

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the…

mitre·CWE-613·Published 2020-11-16

CVSS

9.8

EPSS

0.08

KEV

Exploits

cve.orgen

173 chars

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.

NVDen

173 chars

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.

En Anuko Time Tracker versión v1.19.23.5311, el enlace de restablecimiento de contraseña enviado por correo electrónico al usuario no expira una vez usado, permitiendo a un atacante utilizar el mismo enlace para tomar el control de la cuenta

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H