7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-31287

GHSA ID

GHSA-2hp9-3xfr-r9w2

EPSS Score

0.26118%

CWE

CWE-640

Published

4/27/2023

Updated

1/31/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-31287

CVE-2023-31287: Insufficient token expiration in Serenity

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.

(GitHub Advisory)

7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-31287

GHSA ID

GHSA-2hp9-3xfr-r9w2

EPSS Score

0.26118%

CWE

CWE-640

Published

4/27/2023

Updated

1/31/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Serenity.Net.Core	nuget	< 6.7.0	6.7.0
Serenity.Net.Web	nuget	< 6.7.0	6.7.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from password reset tokens remaining valid after first use. The commit message explicitly states they 'ensured reset password tokens can only be used once,' indicating the reset handler didn't properly mark tokens as consumed. While no direct code diffs are shown, the pattern matches ASP.NET Core password reset implementations where token validation occurs in AccountController.ResetPassword. The affected packages (Serenity.Net.Web) contain web controllers, and the CWE-640 classification confirms this is an authentication flow issue.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in S*r*nity S*r*n* (*n* St*rtS**rp) ***or* *.*.*. P*sswor* r*s*t links *r* s*nt *y *m*il. * link *ont*ins * tok*n t**t is us** to r*s*t t** p*sswor*. T*is tok*n r*m*ins v*li* *v*n **t*r t** p*sswor* r*s*t *n* **n ** us** * s**

Reasoning

T** vuln*r**ility st*ms *rom p*sswor* r*s*t tok*ns r*m*inin* v*li* **t*r *irst us*. T** *ommit m*ss*** *xpli*itly st*t*s t**y '*nsur** r*s*t p*sswor* tok*ns **n only ** us** on**,' in*i**tin* t** r*s*t **n*l*r *i*n't prop*rly m*rk tok*ns *s *onsum**.

7.8

Basic Information

Concerned about an active attack path?

CVE-2023-31287: Insufficient token expiration in Serenity

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI