CVE-2024-48428

Nov. 14, 2024, 11:15 p.m.

9.8

Critical

Description

An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function.

Product(s) Impacted

Vendor	Product	Versions
Olivegroup	Olivevle	-

Weaknesses

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	olivegroup	olivevle	-	/	/	/	/	/	/	/

References

https://medium.com/%40powerful-/account-takeover-ato-via-the-reset-password-cve-2024-48428-84892d6211d6

https://medium.com/h7w/full-account-takeover-via-password-reset-link-manipulation-840fb9402967

https://www.linkedin.com/posts/said-al-ghammari-301972285_0day-bugbountytips-bugbountytip-activity-7227418100034412544-2ocu/

https://www.olivevle.com/

Tags

cve@mitre.org

CWE-640

2024-10-25

CVE-2024-48428

CVSS Score

9.8 / 10

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Date

Published: Oct. 25, 2024, 3:15 p.m.
Last Modified: Nov. 14, 2024, 11:15 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.