First published: Tue Apr 09 2019
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/contao/core-bundle | >=4.0.0 <4.4.37; >=4.5.0 <4.6.0; >=4.6.0 <4.7.0; >=4.7.0 <4.7.3 | |
| composer/contao/contao | >=4.0.0 <4.4.37; >=4.5.0 <4.6.0; >=4.6.0 <4.7.0; >=4.7.0 <4.7.3 | |
| composer/contao/core | >=3.0.0 <3.5.39 | |
| Contao Contao Cms | <3.5.39 | |
| Contao Contao Cms | >=4.0.0 <4.7.3 | |
| composer/contao/core | >=3.0.0 <3.5.39 | 3.5.39 |
| composer/contao/core-bundle | >=4.5.0 <4.7.3 | 4.7.3 |
| composer/contao/core-bundle | >=4.0.0 <4.4.37 | 4.4.37 |
| composer/contao/contao | >=4.5.0 <4.7.3 | 4.7.3 |
| composer/contao/contao | >=4.0.0 <4.4.37 | 4.4.37 |
The severity of CVE-2019-10641 is critical with a score of 9.8.
Contao versions 3.5.39 and below, as well as versions between 4.0.0 and 4.7.3, are affected by CVE-2019-10641.
Existing sessions are not correctly invalidated when a user changes their password, so a session established before the change remains usable and can continue to provide unauthorized access.
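The following is an added illustration of the failure mode described above and of the mitigation; it is not Contao's code and is written in Python rather than the project's PHP. It assumes a plain server-side session store keyed by token; the user name, passwords and the "second session" are constructed sample data. With `invalidate_on_password_change=False` the store reproduces the weakness (every session survives a password change or a forgotten-password reset); with `True` it revokes the other sessions on an authenticated change and all sessions on a recovery-based reset, since no existing session can be trusted in that flow.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Added illustration, not Contao's own code: a minimal in-memory session store
# showing sessions that outlive a password change (the weakness) next to the
# mitigation of revoking them when the password changes.


@dataclass
class User:
    username: str
    password_hash: str


@dataclass
class SessionStore:
    # False reproduces the weakness; True applies the fix.
    invalidate_on_password_change: bool
    users: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)  # token -> username

    @staticmethod
    def _hash(password: str) -> str:
        # Demo hashing only; production code uses a salted, slow KDF (argon2, bcrypt).
        return hashlib.sha256(password.encode("utf-8")).hexdigest()

    def add_user(self, username: str, password: str) -> None:
        self.users[username] = User(username, self._hash(password))

    def login(self, username: str, password: str) -> Optional[str]:
        user = self.users.get(username)
        if user is None or not secrets.compare_digest(user.password_hash, self._hash(password)):
            return None
        token = secrets.token_urlsafe(32)  # unguessable, server-generated session id
        self.sessions[token] = username
        return token

    def is_valid(self, token: str) -> bool:
        return token in self.sessions

    def _revoke_sessions(self, username: str, keep: Optional[str]) -> int:
        doomed = [t for t, u in self.sessions.items() if u == username and t != keep]
        for t in doomed:
            del self.sessions[t]
        return len(doomed)

    def change_password(self, token: str, new_password: str) -> int:
        """Authenticated password change. Returns the number of sessions revoked."""
        username = self.sessions.get(token)
        if username is None:
            raise PermissionError("no valid session")
        self.users[username].password_hash = self._hash(new_password)
        if self.invalidate_on_password_change:
            # Keep the session that made the change; drop every other one.
            return self._revoke_sessions(username, keep=token)
        return 0

    def reset_password_via_recovery(self, username: str, new_password: str) -> int:
        """Forgotten-password flow (recovery link already verified). Returns sessions revoked."""
        self.users[username].password_hash = self._hash(new_password)
        if self.invalidate_on_password_change:
            # No session performed the reset, so none of them is trusted: revoke all.
            return self._revoke_sessions(username, keep=None)
        return 0


def demo(invalidate: bool) -> dict:
    """Constructed scenario: one user with two live sessions. The password is
    changed from the first session, then reset via recovery. Reports which
    sessions are still valid after each step."""
    store = SessionStore(invalidate_on_password_change=invalidate)
    store.add_user("alice", "correct horse")          # constructed sample user
    browser = store.login("alice", "correct horse")   # the user's own session
    other = store.login("alice", "correct horse")     # a second, pre-existing session
    store.change_password(browser, "battery staple")
    after_change = {"browser": store.is_valid(browser), "other": store.is_valid(other)}
    store.reset_password_via_recovery("alice", "recovery-set password")
    after_recovery = {"browser": store.is_valid(browser), "other": store.is_valid(other)}
    return {"after_change": after_change, "after_recovery": after_recovery}


if __name__ == "__main__":
    print("weak:    ", demo(invalidate=False))
    print("hardened:", demo(invalidate=True))
```

In the weak configuration both sessions remain valid through both steps, which is the condition the advisory describes. In the hardened configuration the authenticated change keeps only the session that performed it, and the recovery-based reset leaves none, so a password change actually ends any access obtained under the old credential.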
To fix the vulnerability, update Contao to version 3.5.39 or upgrade to Contao 4.7.3.