An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-15T22:47:27

Updated: 2024-08-05T02:32:08.894Z

Reserved: 2019-12-17T00:00:00

Link: CVE-2019-19857

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-01-15T23:15:11.777

Modified: 2024-11-21T04:35:32.587

Link: CVE-2019-19857

cve-icon Redhat

No data.