{"id":"CVE-2023-31287","details":"An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.","aliases":["GHSA-2hp9-3xfr-r9w2"],"modified":"2026-05-19T03:52:14.431033539Z","published":"2023-04-27T00:00:00Z","database_specific":{"cna_assigner":"mitre","unresolved_ranges":[{"source":"DESCRIPTION","extracted_events":[{"fixed":"6.7.0"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31287.json"},"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31287.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31287"},{"type":"FIX","url":"https://github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823a6e48d2"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2023/May/14"},{"type":"EVIDENCE","url":"https://packetstorm.news/files/id/172648"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/serenity-is/serenity","events":[{"introduced":"0"},{"fixed":"11b9d267f840513d04b4f4d4876de7823a6e48d2"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31287.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}