CVE-2023-26770

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
04/10/2024
Last modified:
27/05/2025

Description

TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:taskcafe_project:taskcafe:0.3.2:*:*:*:*:*:*:*