Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12NDZqLWg0M2gtcndybc4ABAq6
Autolab Misconfigured Reset Password Permissions
Impact
For email-based accounts, users with insufficient privileges could reset privileged users' passwords and thereby potentially gain access to those accounts.
Patches
This is fixed in v3.0.1.
Workarounds
No workarounds.
For more information
If you have any questions or comments about this advisory:
Open an issue in https://github.com/autolab/Autolab/
Email us at [email protected]
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NDZqLWg0M2gtcndybc4ABAq6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 15 hours ago
Updated: about 15 hours ago
Identifiers: GHSA-v46j-h43h-rwrm, CVE-2024-49376
References:
- https://github.com/autolab/Autolab/security/advisories/GHSA-v46j-h43h-rwrm
- https://nvd.nist.gov/vuln/detail/CVE-2024-49376
- https://github.com/autolab/Autolab/commit/301689ab5c5e39d13bab47b71eaf8998d04bcc9b
- https://github.com/advisories/GHSA-v46j-h43h-rwrm
Blast Radius: 1.0
Affected Packages
rubygems:Autolab
Affected Version Ranges: = 3.0.0
Fixed in: 3.0.1