CVE-2021-29023

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/05/2021
Last modified:
01/03/2023

Description

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:invoiceplane:invoiceplane:1.5.11:*:*:*:*:*:*:*