Account Password Manipulation in Dradis Professional Edition by Dradis Framework
CVE-2022-30028

5.9 MEDIUM

Key Information:

Status
Vendor
CVE Published: 24 June 2022

What is CVE-2022-30028?

Dradis Professional Edition versions prior to 4.3.0 contain a vulnerability that allows an attacker to change an account's password by reusing a password reset token. This can result in unauthorized access to user accounts and sensitive information. Users should update to the latest version to mitigate this security risk.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
