What is the severity of CVE-2024-50356?

CVE-2024-50356 is a high severity vulnerability, as it allows unauthorized password resets by anyone with access to the mail inbox.

How do I fix CVE-2024-50356?

To fix CVE-2024-50356, ensure that email access is secured and consider implementing additional authentication methods beyond 2FA.

What does CVE-2024-50356 affect?

CVE-2024-50356 affects the Frappe Press application, a custom app that runs on Frappe Cloud.

Can attackers exploit CVE-2024-50356 without 2FA?

Yes, attackers can exploit CVE-2024-50356 to reset passwords without needing to bypass two-factor authentication if they have access to the email inbox.

Is CVE-2024-50356 present in all versions of Frappe Press?

CVE-2024-50356 does not specify particular versions of Frappe Press, meaning it could be present in multiple deployments.

Vulnerability/
CVE-2024-50356

medium

6.5

CWE

640

31/10/2024

1/11/2024

CVE-2024-50356: Press has a potential 2FA bypass

First published: Thu Oct 31 2024(Updated: )

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Only users who have enabled 2FA are affected. Commit ba0007c28ac814260f836849bc07d29beea7deb6 patches this bug.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Frappe Press	=without specific version details

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-50356?
CVE-2024-50356 is a high severity vulnerability, as it allows unauthorized password resets by anyone with access to the mail inbox.
How do I fix CVE-2024-50356?
To fix CVE-2024-50356, ensure that email access is secured and consider implementing additional authentication methods beyond 2FA.
What does CVE-2024-50356 affect?
CVE-2024-50356 affects the Frappe Press application, a custom app that runs on Frappe Cloud.
Can attackers exploit CVE-2024-50356 without 2FA?
Yes, attackers can exploit CVE-2024-50356 to reset passwords without needing to bypass two-factor authentication if they have access to the email inbox.
Is CVE-2024-50356 present in all versions of Frappe Press?
CVE-2024-50356 does not specify particular versions of Frappe Press, meaning it could be present in multiple deployments.

agent/references
agent/title
agent/weakness
agent/description
agent/first-publish-date
agent/type
agent/author
agent/severity
collector/nvd-api
source/NVD
agent/last-modified-date
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/frappe
canonical/frappe press

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.