An unauthenticated user is able to set the admin password of Crucible to any value, gaining admin access to the Crucible instance as a result.

      The vulnerability affects Crucible version 3.x. Versions earlier than 3.0 are not vulnerable. The vulnerability has been fixed in recent releases 3.0.4, 3.1.7, 3.2.5, 3.3.4, 3.4.4, 3.5.0.

      For additional details see the full advisory.

          Form Name

            [CRUC-6810] Administrator password reset

            There are no comments yet on this issue.

              Unassigned Unassigned
              vosipov VitalyA
              Affected customers:
              0 This affects my team
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: