How severe is CVE-2024-11717?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-11717?

This is classified as CWE-837, which is a common weakness in software security.

CVE-2024-11717 - MEDIUM Severity | CVSS N/A

Vulnerability Description

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user's password and take over the account. Moreover, the tokens also include base64 encoded user email. This issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679 included in 3.7.5 release.

Related Vulnerabilities

CVE-2023-6759

HIGH

CVSS:7.5(High)

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads t...

CWE-8372023

CVE-2024-11301

MEDIUM

CVSS:6.5(Medium)

In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to o...

CWE-8372024

CVE-2024-4629

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, att...

CWE-8372024

CVE-2023-6438

MEDIUM

CVSS:5.3(Medium)

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation lead...

CWE-8372023

CVE-2023-5313

LOW

CVSS:3.7(Low)

A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler...

CWE-8372023

CVE-2023-6467

LOW

CVSS:3.7(Low)

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like H...

CWE-8372023