← back
CVE-2020-27422

CVE-2020-27422

23Vexday Risk Score

No sign of exploitation. It has a public proof of concept.

ssvc Attendepss 7.8%
from disclosure to weapon16 days
Published on NVDNov 16
1st PoC+16d
exploitation probability
7.8%top 6% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.