CVE-2020–10793

[ipeevski]

https://medium.com/@vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297

It looks to me to be an invalid report anyway, but until it's reported as being fixed/addressed, security scans show up CodeIgniter as vulnerable. So please, do what needs to be done to clear that CVE as addressed.

[Paradinight]

1. Yes it is invalid report. Codeigniter 3 Framework does not have a login page and 4 too.
2. Use security@codeigniter.com or https://hackerone.com/codeigniter

[ipeevski]

I wasn't trying to report security issue. I was hoping you have a way to talk to the CVE people to close it or whatever the process is ... SNYK is reporting a security issue for us now, where there is none...

…

On Wed, 25 Mar 2020, 4:06 pm Paradinight, ***@***.***> wrote: 1. Yes it is invalid report. Codeigniter 3 Framework does not have a login page and 4 too. 2. Use ***@***.*** or https://hackerone.com/codeigniter — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#5930 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABAPLDOCNLKAQWJL4W2OATRJGJ5XANCNFSM4LTBM5IQ> .

[tamir-ben]

Was this reported to Mitre through https://cveform.mitre.org/ ?
I believe they should reject the CVE.

[ipeevski]

I don't know is the short answer. I just ran into the CVE through SNYK. For them to have a CVE, I believe it was submitted as you said and it didn't get rejected.

…

On Thu, 26 Mar 2020 at 03:21, galaktipus ***@***.***> wrote: Was this reported to Mitre through https://cveform.mitre.org/ ? I believe they should reject the CVE. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#5930 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABAPLFTUTFWUTDFVNJMPQLRJIZBFANCNFSM4LTBM5IQ> .

[narfbg]

Thanks for notifying us @ipeevski. I've requested a rejection, hopefully it gets through soon.

Can't do anything beyond that here, so closing the issue, but will post any updates that I might receive.

[ipeevski]

Awesome, thanks @narfbg