7.8
CVE-2026-24669
- EPSS 0.15%
- Veröffentlicht 03.02.2026 17:00:38
- Zuletzt bearbeitet 10.02.2026 18:31:05
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOpen eClass Insecure Password Reset Token Reuse Enables Account Takeover
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and potential account takeover. This issue has been patched in version 4.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gunet ≫ Open Eclass Platform Version < 4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.046 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
https://github.com/gunet/openeclass/security/advisories/GHSA-gcqq-fxw6-f866