GHSA-2m5g-8xpw-42vp – cartalyst/sentry
Package
Manager: composer
Name: cartalyst/sentry
Vulnerable Version: >=0 <=2.1.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
EPSS: N/A (percentile: N/A)
Details
OpenCFP Framework (Sentry) Account takeover via null password reset codes
OpenCFP, an open-source conference talk submission system written in PHP, contains a security vulnerability in its third-party authentication framework, Sentry, developed by Cartalyst. The vulnerability stems from how Sentry handles password reset checks. Users lacking a password reset token stored in the database default to having NULL in the reset_password_code column. Exploiting this flaw could allow unauthorized manipulation of any OpenCFP user's password, particularly those without an unused password reset token. Although successful login still requires correlating the numeric user ID with an email address, the identification of likely organizers (users 1-5) may facilitate this process.
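A hardened reset-code check for the NULL reset_password_code condition described above, as an added example that is not Sentry's or OpenCFP's own code. The function name resetCodeMatches and the sample codes are hypothetical, and the block assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of Sentry): decide whether a submitted
 * password reset code matches the value stored for the user.
 * $storedCode is the reset_password_code column, NULL when no reset is pending.
 */
function resetCodeMatches(?string $storedCode, mixed $submittedCode): bool
{
    // No pending reset: a NULL or empty column must never match anything,
    // including a missing, null or empty submitted value.
    if ($storedCode === null || $storedCode === '') {
        return false;
    }
    // Only a non-empty string can be a valid code; reject null, arrays, ints.
    if (!is_string($submittedCode) || $submittedCode === '') {
        return false;
    }
    // Constant-time comparison of two known non-empty strings.
    return hash_equals($storedCode, $submittedCode);
}

// Constructed sample cases: [stored column value, submitted value, expected].
$cases = [
    'no pending reset, null submitted'  => [null, null, false],
    'no pending reset, empty submitted' => [null, '', false],
    'no pending reset, code submitted'  => [null, 'abc123', false],
    'pending reset, null submitted'     => ['Xk3v9QpL', null, false],
    'pending reset, wrong code'         => ['Xk3v9QpL', 'Xk3v9Qp0', false],
    'pending reset, correct code'       => ['Xk3v9QpL', 'Xk3v9QpL', true],
];

foreach ($cases as $label => [$stored, $submitted, $expected]) {
    $result = resetCodeMatches($stored, $submitted);
    printf("%-36s %s\n", $label, $result === $expected ? 'ok' : 'FAIL');
}
```

The first three cases are the regression tests for this advisory: a user with no pending reset must fail the check regardless of what is submitted.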
Metadata
Created: 2024-05-15T18:07:44Z
Modified: 2024-05-15T18:07:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2m5g-8xpw-42vp/GHSA-2m5g-8xpw-42vp.json
CWE IDs: []
Alternative ID: N/A
Finding: F087
Auto approve: 1