Versio.io

CVE-2022-29174

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 17-05-2022 11:15
Last modified: - 30-05-2022 02:24
Total changes: - 3

Description

countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this information to reset the password and take over the account. The problem has been patched in Countly Server version 22.03.7 for servers using the new user interface and in 21.11.4 for servers using the old user interface.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
High
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
8.1
Base score
2.2
5.9
Exploitability score
Impact score
 

Verification logic

OR
vendor=count AND product=countly_server AND versionStartIncluding=22.03 AND versionEndExcluding=22.03.7
vendor=count AND product=countly_server AND versionEndExcluding=21.11.4
 

Reference

 


Keywords

NVD

 

CVE-2022-29174

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.