Home > Vulnerability Database > CVE-2024-41888

Mend.io Vulnerability Database

CVE-2024-41888

Good to know:

Date: August 9, 2024

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.

Language: Go

Severity Score

5.3

Related Resources (6)

Url: github.com/apache/incubator-answer

Url: https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41888

Url: https://github.com/advisories/GHSA-v3x9-wrq5-868j

Url: https://github.com/apache/incubator-answer/commit/2820efc454f5808974dce0aa99aac106be3f727b

Url: https://www.mend.io/vulnerability-database/CVE-2024-41888

Severity Score

5.3

Weakness Type (CWE)

Missing Release of Resource after Effective Lifetime

CWE-772

Top Fix

Upgrade Version

Upgrade to version v1.3.6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41888

Good to know:

Date: August 9, 2024

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?