CVE-2020-14423

Published June 18th, 2020

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

MEDIUM

Affected

PROJECT

Description

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations.

convos-chat/convos

Convos :busts_in_silhouette: is the simplest way to use IRC in your browser

GitHub

1.18K