Vulnerabilities > CVE-2023-26984 - Authorization Bypass Through User-Controlled Key vulnerability in Peppermint 0.2.4

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

peppermint

CWE-639

NVD

Published: 2023-03-29

Updated: 2023-04-05

Summary

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.

Vulnerable Configurations

Part	Description	Count
Application	Peppermint Peppermint Peppermint 0.2.4	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://github.com/Peppermint-Lab/peppermint/tree/master
https://github.com/bypazs/CVE-2023-26984
https://peppermint.sh/