Auto-Update: 2023-04-27T04:00:26.898818+00:00

CVE-2023/CVE-2023-312xx/CVE-2023-31287.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-31287",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-04-27T03:15:10.200",
+  "lastModified": "2023-04-27T03:15:10.200",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823a6e48d2",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD in 2 hour periods.
 ### Last repository update
 
 ```plain
-2023-04-27T02:00:28.238242+00:00
+2023-04-27T04:00:26.898818+00:00
 ```
 
 ### Most recent CVE modification timestamp synchronized with NVD
 
 ```plain
-2023-04-27T01:41:09.010000+00:00
+2023-04-27T03:15:10.200000+00:00
 ```
 
 ### Last Data Feed release
@@ -29,20 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-datafeeds/r
 ### Total numbers of included CVEs
 
 ```plai#n
-213642
+213651
 ```
 
 ### CVEs added in the last commit
 
-Recently added CVEs: `0`
+Recently added CVEs: `1`
 
+* CVE-2023-31287 (*2023-04-27T03:15:10.200*)
 
 
 ### CVEs modified in the last commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-* CVE-2021-0874 (*2023-04-27T01:41:09.010*)
 
 
 ## Download and Usage