CVE-2023-45659

Engelsystem is a shift planning system for chaos events.  If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.6 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
GitHub_MCNA
3.6 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
engelsystemengelsystem
𝑥
< 2023-09-18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/engelsystem/engelsystem/commit/dbb089315ff3d8aabc11445e78fb50765208b27d
https://github.com/engelsystem/engelsystem/security/advisories/GHSA-f6mm-3v2h-jm6x
https://github.com/engelsystem/engelsystem/commit/dbb089315ff3d8aabc11445e78fb50765208b27d
https://github.com/engelsystem/engelsystem/security/advisories/GHSA-f6mm-3v2h-jm6x