CVE-2023-26984

Published: Mar 29, 2023Modified: Feb 18, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.

Affected (1)

Products: Peppermint: Peppermint

Peppermint

1 product

Peppermint

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Peppermint Peppermint	Version 0.2.4

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (6)

https://github.com/Peppermint-Lab/peppermint/tree/master

Source: cve@mitre.org

Product

https://github.com/bypazs/CVE-2023-26984

Source: cve@mitre.org

ExploitThird Party Advisory

https://peppermint.sh/

Source: cve@mitre.org

Product

https://github.com/Peppermint-Lab/peppermint/tree/master

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/bypazs/CVE-2023-26984

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://peppermint.sh/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.