Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-6810

Administrator password reset

    XMLWordPrintable

    Details

      Description

      An unauthenticated user is able to set the admin password of Crucible to any value, gaining admin access to the Crucible instance as a result.

      The vulnerability affects Crucible version 3.x. Versions earlier than 3.0 are not vulnerable. The vulnerability has been fixed in recent releases 3.0.4, 3.1.7, 3.2.5, 3.3.4, 3.4.4, 3.5.0.

      For additional details see the full advisory.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              vosipov VitalyA
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: