CVE Vulnerability

CVE-2022-30935

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well.

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://b2evolution.net/downloads/7-2-5-stable Patch Vendor Advisory
https://github.com/b2evolution/b2evolution/blob/master/inc/_core/_misc.funcs.php#L5955 Patch Third Party Advisory
https://github.com/b2evolution/b2evolution/issues/114 Issue Tracking Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*
Information

Published : 2022-09-28 11:15

Updated : 2022-09-30 01:35

NVD link : CVE-2022-30935

Mitre link : CVE-2022-30935

Products Affected
No products.
CWE
CWE-330