ByteOS Network

NVD Vulnerability Details :

CVE-2024-41888

Modified

Source-security@apache.org

Published At-12 Aug, 2024 | 13:38

Updated At-13 Mar, 2025 | 20:15

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CPE Matches

The Apache Software Foundation

>>answer>>Versions before 1.3.6(exclusive)

cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-772	Secondary	security@apache.org

CWE ID: CWE-772

Type: Secondary

Source: security@apache.org

References

Hyperlink	Source	Resource
https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4	security@apache.org	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/08/09/5	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: https://lists.apache.org/thread/jbs1j2o9rqm5sc19jyk3jcfvkmfkmyf4

Source: security@apache.org

Resource:

Mailing List

Vendor Advisory

Hyperlink: http://www.openwall.com/lists/oss-security/2024/08/09/5

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History