LinkJoin Token Ownership Vulnerability in Password Reset Process
Vulnerability
A vulnerability has been identified in LinkJoin, prior to commit 882f196, related to improper handling of token ownership during the password reset process. This flaw could potentially be exploited to manipulate token verification, leading to unauthorized password resets.
Impact
Exploitation of this vulnerability could allow for unauthorized password resets, potentially leading to account takeovers.
Remediation
Users can update to the latest version of LinkJoin, which fixes this vulnerability by verifying token ownership before allowing a password reset.
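The ownership check described above, as an added example of this bug class; it is not LinkJoin's code and does not reproduce the fix in commit 882f196. The `ResetTokenStore` class, its method names, the 15-minute lifetime and the `example.test` addresses are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime, not taken from LinkJoin


class ResetTokenStore:
    """In-memory stand-in for a reset-token table; keeps only token hashes."""

    def __init__(self):
        self._tokens = {}    # sha256(token) -> (owner_email, expires_at)
        self.passwords = {}  # email -> new password (stand-in for a real hash)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email, now=None):
        """Create a token bound to exactly one account."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (email.lower(), now + TOKEN_TTL_SECONDS)
        return token

    def reset_without_owner_check(self, email, token, new_password):
        # Flawed pattern: a live token is accepted for whichever account is named.
        if self._digest(token) not in self._tokens:
            return False
        self.passwords[email.lower()] = new_password
        return True

    def reset(self, email, token, new_password, now=None):
        # Hardened pattern: token must exist, be unexpired, and belong to `email`.
        now = time.time() if now is None else now
        key = self._digest(token)
        record = self._tokens.get(key)
        if record is None:
            return False
        owner, expires_at = record
        if now > expires_at:
            del self._tokens[key]  # expired tokens are discarded
            return False
        if owner != email.lower():
            return False           # token was issued to a different account
        del self._tokens[key]      # single use: consume on success
        self.passwords[owner] = new_password
        return True
```

A regression test for a fix of this kind should assert that a token issued to one account is rejected when presented for any other account.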
Added: Aug 7, 2025, 5:17 PM
Updated: Aug 7, 2025, 5:17 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
