CVE Details
Basic Information
| Title |
fossasia open-event-server Mail Verification mail.py send_email_change_user_email reliance on obfuscation or encryption of security-relevant inputs without integrity checking |
| Type |
cve |
| Published |
2025-05-29T18:00:06.249Z |
| Last Seen |
|
Product Information
| Vendor |
fossasia |
| Product |
open-event-server |
| Version |
1.19.1 |
CVSS Information
| Base Score |
6.3 (MEDIUM) |
| Attack Vector |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A vulnerability in fossasia’s open-event-server version 1.19.1 allows remote attackers to exploit the send_email_change_user_email function due to reliance on obfuscation without integrity checks. This issue has a medium severity with a CVSS score of 6.3, but exploitation is considered difficult. |
| AI Severity |
Medium |
| Vendor |
fossasia |
| Product |
open-event-server |
| Affected Version |
1.19.1 |
Additional Information
| CVE List |
|
| CWE List |
CWE-649, CWE-325 |
| Bulletin Family |
|
| Source Data |
fossasia open-event-server 1.19.1 |
Source Information
| Source Data |
fossasia open-event-server 1.19.1 |
| Source Link |
|
Description
A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
View Full CVE Details
