How severe is CVE-2023-31287?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2023-31287?

This is classified as CWE-640, which is a common weakness in software security.

CVE-2023-31287 - HIGH Severity | CVSS 7.8

Vulnerability Description

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

Related Vulnerabilities

CVE-2017-8916

HIGH

CVSS:7.8(High)

In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, ther...

CWE-6402017

CVE-2023-29145

HIGH

CVSS:7.8(High)

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY...

CWE-6402023

CVE-2023-34357

HIGH

CVSS:7.8(High)

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been res...

CWE-6402023

CVE-2020-5361

HIGH

CVSS:7.6(High)

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized ...

CWE-6402020

CVE-2021-25961

HIGH

CVSS:8.0(High)

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible f...

CWE-6402021

CVE-2024-2463

HIGH

CVSS:8.0(High)

Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This issue affects CDeX application versions through 5.7.1.

CWE-6402024