CVE-2024-41888

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2024/08/09/5", "name": "http://www.openwall.com/lists/oss-security/2024/08/09/5", "tags": [], "refsource": ""}, {"url": "https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4", "name": "https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4", "tags": ["Mailing List", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.3.5.\n\nThe password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked.\nUsers are recommended to upgrade to version 1.3.6, which fixes the issue."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-41888", "ASSIGNER": "security@apache.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2024-08-12T13:38Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.3.6"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-13T20:15Z"}