CVE-2024-41890
Aug. 12, 2024, 1:41 p.m.
Tags
Product(s) Impacted
Apache Answer
- through 1.3.5
Description
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.
Weaknesses
CWE-772
Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
CWE ID: 772Date
Published: Aug. 12, 2024, 1:38 p.m.
Last Modified: Aug. 12, 2024, 1:41 p.m.
Status : Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
security@apache.org