CVE-2023-26770 Information

Description

TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.

Reference

https://github.com/JordanKnott/taskcafe https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory