{"vulnerability": "CVE-2020-2742", "sightings": [{"uuid": "1d9687b2-0f39-4e71-afb4-88155e929632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27422", "type": "seen", "source": "https://t.me/cibsecurity/16348", "content": "\u203c CVE-2020-27422 \u203c\n\nIn Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-16T18:37:35.000000Z"}, {"uuid": "41c5ad6e-7a53-46da-900e-e521987f9a7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27423", "type": "seen", "source": "https://t.me/cibsecurity/16355", "content": "\u203c CVE-2020-27423 \u203c\n\nAnuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-16T18:37:42.000000Z"}]}