CVE-2024-50356

Published Oct 31, 2024

Last updated 16 days ago

Overview

Description
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who has access to the mail inbox, circumventing the 2FA, even though they would not be able to log in by bypassing the 2FA. Only users who have enabled 2FA are affected. Commit ba0007c28ac814260f836849bc07d29beea7deb6 patches this bug.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 0
Impact score: 0
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Severity: NONE

Weaknesses

security-advisories@github.com: CWE-640
