CVE-2024-41888
Aug. 12, 2024, 1:41 p.m.
Tags
Product(s) Impacted
Apache Answer
- through 1.3.5
Description
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.
Weaknesses
CWE-772
Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
CWE ID: 772Date
Published: Aug. 12, 2024, 1:38 p.m.
Last Modified: Aug. 12, 2024, 1:41 p.m.
Status : Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
security@apache.org