216.73.217.172

CVE-2024-50356

· Published 31/10/2024 18:15 · Modified 01/11/2024 14:35

Labels: CVE-2024-50356 2024-10-31CVE-2024-50356CWE-640[email protected]

Essential information

Published
31/10/2024 18:15
Modified
01/11/2024 14:35
Author
Creator
CVSS
0.0 NONE (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

CVSS metrics

Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Only users who have enabled 2FA are affected. Commit ba0007c28ac814260f836849bc07d29beea7deb6 patches this bug.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References