A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Forgot_password | Mendix | 3.3.0 (including) | 3.5.1 (excluding) |