Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-7659

Good to know:

icon

Date: August 10, 2024

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version r1720 is able to address this issue. The name of the patch is aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. It is recommended to upgrade the affected component.

Language: PHP

Severity Score

Related Resources (7)

https://github.com/projectsend/projectsend/commit/aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17
https://github.com/projectsend/projectsend/releases/tag/r1720
https://nvd.nist.gov/vuln/detail/CVE-2024-7659
https://vuldb.com/?ctiid.274116
https://vuldb.com/?id.274116
https://vuldb.com/?submit.385004
https://www.mend.io/vulnerability-database/CVE-2024-7659

Severity Score

Weakness Type (CWE)

Use of Insufficiently Random Values

CWE-330

Top Fix

icon

Upgrade Version

Upgrade to version r1720

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us