Vulnerability Information
Vulnerability Title
fossasia open-event-server Mail Verification mail.py send_email_change_user_email reliance on obfuscation or encryption of security-relevant inputs without integrity checking
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
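The weakness class named here is an encoded or encrypted value that the server trusts without checking that it has not been modified. The sketch below is an added example, not code from open-event-server, and the record does not describe the project's actual token format: it shows an email-change verification token that carries an HMAC tag and an expiry, with `SECRET_KEY`, `MAX_AGE`, `make_token`, `verify_token` and the claim names all hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: a server-side secret, never sent to clients
MAX_AGE = 3600                        # assumption: verification links are valid for one hour


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(user_id: int, new_email: str, now=None) -> str:
    """Serialize the claims and append an HMAC-SHA256 tag computed over them."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"uid": user_id, "email": new_email, "iat": issued},
                         sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(token: str, now=None):
    """Return the claims only if the tag matches and the token is fresh, else None."""
    try:
        body, tag = token.split(".")
        payload, given = _unb64(body), _unb64(tag)
    except ValueError:  # wrong part count or undecodable base64
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)  # parsed only after the integrity check passed
    current = int(time.time() if now is None else now)
    if not 0 <= current - claims["iat"] <= MAX_AGE:
        return None
    return claims
```

The payload is parsed only after the tag has been verified, so a modified user id or address is rejected before any field is read.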
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
Reliance on obfuscation or encryption of security-relevant inputs without integrity checking
Vulnerability Title
Open Event Server security vulnerability
Vulnerability Description
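Open Event Server is an open-source event organizer server for managing events, developed by FOSSASIA of Singapore. Open Event Server version 1.19.1 contains a security vulnerability that stems from the send_email_change_user_email function in the Mail Verification Handler component relying on obfuscated or encrypted security-relevant inputs without integrity checking.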
CVSS Information
N/A
Vulnerability Type
N/A