AI Score
Confidence
High
EPSS
Percentile
38.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
User sends multiple password reset emails, each containing a valid link. Within the link’s validity period, this could potentially lead to the link being misused or hijacked.
Users are recommended to upgrade to version 1.3.6, which fixes the issue.
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Answer",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "1.3.5"
}
],
"defaultStatus": "unaffected"
}
]