Security Advisory

CVE-2024-41890

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-09 14:53:28

Last updated 2025-03-13 18:27:24

Assigner apache

State PUBLISHED

Description

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the links validity period, this could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.

← Browse all CVEs View on cve.org ↗