Search criteria
6 vulnerabilities found for cdex by cdex
CVE-2024-2465 (GCVE-0-2024-2465)
Vulnerability from nvd – Published: 2024-03-21 14:50 – Updated: 2024-10-31 14:00
VLAI
Title
Open redirection in CDeX
Summary
An open redirection vulnerability in the CDeX application allows an attacker to redirect users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1.
Severity
7.1 (High)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cert.pl/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cdex.cloud/ | product |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://cdex.cloud/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:53:07.061994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T14:00:42.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CDeX",
"vendor": "CDeX PSA",
"versions": [
{
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Micha\u0142 Walkowski, PhD"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eOpen redirection vulnerability in\u003c/span\u003e CDeX application\u0026nbsp;\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eallows to redirect users to arbitrary websites via a specially crafted URL.\u003c/span\u003e\u003cp\u003eThis issue affects CDeX application versions through 5.7.1.\u003c/p\u003e"
}
],
"value": "Open redirection vulnerability in CDeX application\u00a0allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T14:50:26.900Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product"
],
"url": "https://cdex.cloud/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open redirection in CDeX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-2465",
"datePublished": "2024-03-21T14:50:26.900Z",
"dateReserved": "2024-03-14T17:11:21.045Z",
"dateUpdated": "2024-10-31T14:00:42.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2464 (GCVE-0-2024-2464)
Vulnerability from nvd – Published: 2024-03-21 14:50 – Updated: 2024-10-30 18:14
VLAI
Title
Application users enumeration in CDeX
Summary
This issue occurs during password recovery, where a difference in messages could allow an attacker to determine whether a user is valid, enabling a brute-force attack with valid users. This issue affects CDeX application versions through 5.7.1.
Severity
6.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cert.pl/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cdex.cloud/ | product |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://cdex.cloud/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T15:07:57.569239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:14:24.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CDeX",
"vendor": "CDeX PSA",
"versions": [
{
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Micha\u0142 Walkowski, PhD"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.\u003cp\u003eThis issue affects CDeX application versions through 5.7.1.\u003c/p\u003e"
}
],
"value": "This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T14:50:13.935Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product"
],
"url": "https://cdex.cloud/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Application users enumeration in CDeX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-2464",
"datePublished": "2024-03-21T14:50:13.935Z",
"dateReserved": "2024-03-14T17:11:19.805Z",
"dateUpdated": "2024-10-30T18:14:24.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2463 (GCVE-0-2024-2463)
Vulnerability from nvd – Published: 2024-03-21 14:50 – Updated: 2024-08-01 21:13
VLAI
Title
Weak password recovery mechanism in CDeX
Summary
A weak password recovery mechanism in the CDeX application allows an attacker to retrieve the password reset token. This issue affects CDeX application versions through 5.7.1.
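Severity
8.0 (High) (CVSS 3.1 base score from the CISA-ADP container in the record below; the CNA container in this record carries no metrics)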
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cert.pl/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cdex.cloud/ | product |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://cdex.cloud/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cdex:cdex:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cdex",
"vendor": "cdex",
"versions": [
{
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2463",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T21:10:33.042953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T21:13:30.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CDeX",
"vendor": "CDeX PSA",
"versions": [
{
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Micha\u0142 Walkowski, PhD"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak password recovery mechanism in CDeX application allows to retrieve\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epassword\u0026nbsp;\u003c/span\u003ereset token.\u003cp\u003eThis issue affects CDeX application versions through 5.7.1.\u003c/p\u003e"
}
],
"value": "Weak password recovery mechanism in CDeX application allows to retrieve\u00a0password\u00a0reset token.This issue affects CDeX application versions through 5.7.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T14:50:02.541Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product"
],
"url": "https://cdex.cloud/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak password recovery mechanism in CDeX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-2463",
"datePublished": "2024-03-21T14:50:02.541Z",
"dateReserved": "2024-03-14T17:11:18.241Z",
"dateUpdated": "2024-08-01T21:13:30.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2465 (GCVE-0-2024-2465)
Vulnerability from cvelistv5 – Published: 2024-03-21 14:50 – Updated: 2024-10-31 14:00
VLAI
Title
Open redirection in CDeX
Summary
An open redirection vulnerability in the CDeX application allows an attacker to redirect users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1.
Severity
7.1 (High)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cert.pl/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cdex.cloud/ | product |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://cdex.cloud/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:53:07.061994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T14:00:42.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CDeX",
"vendor": "CDeX PSA",
"versions": [
{
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Micha\u0142 Walkowski, PhD"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eOpen redirection vulnerability in\u003c/span\u003e CDeX application\u0026nbsp;\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eallows to redirect users to arbitrary websites via a specially crafted URL.\u003c/span\u003e\u003cp\u003eThis issue affects CDeX application versions through 5.7.1.\u003c/p\u003e"
}
],
"value": "Open redirection vulnerability in CDeX application\u00a0allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T14:50:26.900Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product"
],
"url": "https://cdex.cloud/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open redirection in CDeX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-2465",
"datePublished": "2024-03-21T14:50:26.900Z",
"dateReserved": "2024-03-14T17:11:21.045Z",
"dateUpdated": "2024-10-31T14:00:42.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2464 (GCVE-0-2024-2464)
Vulnerability from cvelistv5 – Published: 2024-03-21 14:50 – Updated: 2024-10-30 18:14
VLAI
Title
Application users enumeration in CDeX
Summary
This issue occurs during password recovery, where a difference in messages could allow an attacker to determine whether a user is valid, enabling a brute-force attack with valid users. This issue affects CDeX application versions through 5.7.1.
Severity
6.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cert.pl/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cdex.cloud/ | product |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://cdex.cloud/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T15:07:57.569239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:14:24.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CDeX",
"vendor": "CDeX PSA",
"versions": [
{
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Micha\u0142 Walkowski, PhD"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.\u003cp\u003eThis issue affects CDeX application versions through 5.7.1.\u003c/p\u003e"
}
],
"value": "This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T14:50:13.935Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product"
],
"url": "https://cdex.cloud/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Application users enumeration in CDeX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-2464",
"datePublished": "2024-03-21T14:50:13.935Z",
"dateReserved": "2024-03-14T17:11:19.805Z",
"dateUpdated": "2024-10-30T18:14:24.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2463 (GCVE-0-2024-2463)
Vulnerability from cvelistv5 – Published: 2024-03-21 14:50 – Updated: 2024-08-01 21:13
VLAI
Title
Weak password recovery mechanism in CDeX
Summary
A weak password recovery mechanism in the CDeX application allows an attacker to retrieve the password reset token. This issue affects CDeX application versions through 5.7.1.
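Severity
8.0 (High) (CVSS 3.1 base score from the CISA-ADP container in the record below; the CNA container in this record carries no metrics)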
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cert.pl/posts/2024/03/CVE-2024-2463/ | third-party-advisory |
| https://cdex.cloud/ | product |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://cdex.cloud/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cdex:cdex:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cdex",
"vendor": "cdex",
"versions": [
{
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2463",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T21:10:33.042953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T21:13:30.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CDeX",
"vendor": "CDeX PSA",
"versions": [
{
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Micha\u0142 Walkowski, PhD"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak password recovery mechanism in CDeX application allows to retrieve\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epassword\u0026nbsp;\u003c/span\u003ereset token.\u003cp\u003eThis issue affects CDeX application versions through 5.7.1.\u003c/p\u003e"
}
],
"value": "Weak password recovery mechanism in CDeX application allows to retrieve\u00a0password\u00a0reset token.This issue affects CDeX application versions through 5.7.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T14:50:02.541Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/03/CVE-2024-2463/"
},
{
"tags": [
"product"
],
"url": "https://cdex.cloud/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak password recovery mechanism in CDeX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-2463",
"datePublished": "2024-03-21T14:50:02.541Z",
"dateReserved": "2024-03-14T17:11:18.241Z",
"dateUpdated": "2024-08-01T21:13:30.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}