Random algorithm used to generate access token and password reset is not strong enough
High
robinshine published GHSA-jf5c-9r77-3j5j on Feb 7, 2023
Package
Independent application
Affected versions
< 7.9.12
Patched versions
7.9.12
Description
Impact
The random algorithm used to generate access tokens and password resets is not strong enough. Existing normal users (or anyone, if the instance allows self-registration) may exploit this to gain administrator permission.
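The advisory does not say which generator the application used or how the fix is implemented. The following is an added example, not the project's code, showing the general weakness class beside a hardened form: a general-purpose PRNG yields tokens that are a pure function of its seed, while a reset flow built on the OS CSPRNG stores only a hash and enforces expiry and single use. `weak_token`, `strong_token` and `ResetTokenStore` are hypothetical names.

```python
import hashlib
import hmac
import random
import secrets
import time

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

def weak_token(seed, length=40):
    """Anti-pattern: general-purpose PRNG; output is fully determined by the seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_token(nbytes=32):
    """Token drawn from the OS CSPRNG (256 bits of entropy by default)."""
    return secrets.token_urlsafe(nbytes)

class ResetTokenStore:
    """Hypothetical in-memory store: keeps only a hash, enforces expiry and single use."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._pending = {}  # user -> (sha256 hex of token, expiry timestamp)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = strong_token()
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[user] = (digest, now + self.ttl)  # replaces any older token
        return token  # sent to the user; never stored in plaintext

    def redeem(self, user, token, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expiry = entry
        if now > expiry:
            del self._pending[user]  # expired tokens are discarded
            return False
        candidate = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, candidate):  # constant-time compare
            return False
        del self._pending[user]  # single use
        return True
```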
Patches
This issue is solved in 7.9.12.
Credits
This issue was found by @josephsurin (elttam) and @emilytrau. Thank you!