First published: Fri Sep 21 2018(Updated: )
An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Enalean Tuleap | <10.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-17298.
The severity level of CVE-2018-17298 is critical.
CVE-2018-17298 is a vulnerability in Enalean Tuleap where reset password links are not invalidated after a user changes its password.
Enalean Tuleap versions up to exclusive 10.5 are affected by CVE-2018-17298.
Yes, there are fixes available for CVE-2018-17298. More information can be found in the references provided.