When using the `/api/user/password/sent-reset-email` endpoint, a POST request is sent to generate a password reset email. If a user is not found in the database, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds. When creating a user, the password hash is stored in the database. The password reset email is generated by hashing the old password and appending a custom string. This has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds. When creating a user, a POST request is sent to the `/api/user/password/generated` endpoint. This creates a password hash and places it in the database. A password reset email is then generated by hashing the password hash and appending a custom string. This has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds. When creating a user, a POST request is sent to the `/api/user/password/sent` endpoint. This generates a password hash and places it in the database. A password reset email is then generated by hashing the password hash and appending a custom string. This has been patched

References

Vendor: N/A
Date: May 22, 2017

The following is a list of references to the CVE-2022-39307 vulnerability in the blog post “6 Reasons Why Digital Marketing Is Important.”

When creating a user, a POST request is sent to the /api/user/password/generated endpoint. This creates a password hash and places it in the database. A password reset email is then generated by hashing the password hash and appending a custom string. This has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.

Timeline

Published on: 11/09/2022 23:15:00 UTC
Last modified on: 11/11/2022 00:58:00 UTC

References