Impact
For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords.
Patches
This is fixed in v3.0.1.
Workarounds
No workarounds.
For more information
If you have any questions or comments about this advisory:
Open an issue in https://github.com/autolab/Autolab/
Email us at autolab-dev@andrew.cmu.edu
Impact
For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords.
Patches
This is fixed in v3.0.1.
Workarounds
No workarounds.
For more information
If you have any questions or comments about this advisory:
Open an issue in https://github.com/autolab/Autolab/
Email us at autolab-dev@andrew.cmu.edu