github - ghsa-qgww-6vq6-rm44

ghsa-qgww-6vq6-rm44

Vulnerability from github

Published

2022-05-24 22:28

Modified

2022-05-24 22:28

Details

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-25961"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-29T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "In \u201cSuiteCRM\u201d application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.",
  "id": "GHSA-qgww-6vq6-rm44",
  "modified": "2022-05-24T22:28:54Z",
  "published": "2022-05-24T22:28:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25961"
    },
    {
      "type": "WEB",
      "url": "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513"
    },
    {
      "type": "WEB",
      "url": "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648"
    },
    {
      "type": "WEB",
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2021-25961 (GCVE-0-2021-25961)

Vulnerability from cvelistv5

Published

2021-09-29 13:50

Modified

2024-09-17 02:07

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password

Summary

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.

References

►

URL

Tags

	https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961	x_refsource_MISC
	https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513	x_refsource_MISC
	https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	salesagility	SuiteCRM	Version: v7.1.7 < * Version: v7.11 < v7.11.21

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:19.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SuiteCRM",
          "vendor": "salesagility",
          "versions": [
            {
              "changes": [
                {
                  "at": "v7.10.32",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "v7.1.7",
              "versionType": "custom"
            },
            {
              "lessThan": "v7.11.21",
              "status": "affected",
              "version": "v7.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In \u201cSuiteCRM\u201d application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-640",
              "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-29T13:50:10",
        "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "shortName": "Mend"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to v7.10.32 or v7.11.21"
        }
      ],
      "source": {
        "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
        "discovery": "UNKNOWN"
      },
      "title": "SuiteCRM - Account Takeover in Password Reset Functionality",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
          "DATE_PUBLIC": "2021-09-21T10:09:00.000Z",
          "ID": "CVE-2021-25961",
          "STATE": "PUBLIC",
          "TITLE": "SuiteCRM - Account Takeover in Password Reset Functionality"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SuiteCRM",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003e=",
                            "version_name": "",
                            "version_value": "v7.1.7"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "",
                            "version_value": "v7.10.32"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "v7.11",
                            "version_value": "v7.11.21"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "salesagility"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In \u201cSuiteCRM\u201d application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961",
              "refsource": "MISC",
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961"
            },
            {
              "name": "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513",
              "refsource": "MISC",
              "url": "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513"
            },
            {
              "name": "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648",
              "refsource": "MISC",
              "url": "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to v7.10.32 or v7.11.21"
          }
        ],
        "source": {
          "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
    "assignerShortName": "Mend",
    "cveId": "CVE-2021-25961",
    "datePublished": "2021-09-29T13:50:10.158439Z",
    "dateReserved": "2021-01-22T00:00:00",
    "dateUpdated": "2024-09-17T02:07:00.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.