CVE-2024-41890

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 12, 2024

Updated: Aug 29, 2024

CWE ID 772

Summary

CVE-2024-41890 is a resource management vulnerability affecting Apache Answer up to version 1.3.5. The issue arises when a user sends multiple password reset emails, each with a valid link. If these links are not properly managed, they may be misused or hijacked within their validity period. To mitigate this risk, it is strongly recommended that users upgrade to version 1.3.6, which addresses the identified issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uVK5k6
https://www.cve.org/CVERecord?id=CVE-2024-41890
https://nvd.nist.gov/vuln/detail/CVE-2024-41890

Back to Vulnerability Database

CVE-2024-41890

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations