Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.
History

Thu, 05 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other

Tue, 03 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Linen
Linen linen
Weaknesses CWE-284
CPEs cpe:2.3:a:linen:linen:*:*:*:*:*:*:*:*
Vendors & Products Linen
Linen linen
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 01 Sep 2024 23:15:00 +0000

Type Values Removed Values Added
Description Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-09-01T00:00:00

Updated: 2024-09-03T14:58:51.950Z

Reserved: 2024-09-01T00:00:00

Link: CVE-2024-45522

cve-icon Vulnrichment

Updated: 2024-09-03T14:58:44.912Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-02T00:15:11.830

Modified: 2024-09-05T14:29:32.737

Link: CVE-2024-45522

cve-icon Redhat

No data.