Main Vulnerability Database SB2022052415

SB2022052415 - Security features bypass in countly-server

Published: May 24, 2022

Security Bulletin ID SB2022052415

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security features bypass (CVE-ID: CVE-2022-29174)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a predictable password reset token. A remote attacker can obtain sensitive information and then reset the password to take over the account.

Remediation

Install update from vendor's website.

References

https://github.com/Countly/countly-server/commit/2bfa1ee1fa46e9bb007cf8687ad197ab9c604999
https://github.com/Countly/countly-server/security/advisories/GHSA-98vh-wqw5-p23v