Multiple vulnerabilities in Janto

Posted date 07/02/2025
Identifier
INCIBE-2025-0066
Importance
5 - Critical
Affected Resources

Janto, versions prior to r12.

Description

INCIBE has coordinated the publication of 2 vulnerabilities, one of critical and one of high severity, affecting Janto from Impronta, a ticketing platform. They were discovered by Guzmán Fernández Ocaña.

Each vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-1107: CVSS v3.1: 9.9 | CVSS AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L | CWE-620
  • CVE-2025-1108: CVSS v3.1: 8.6 | CVSS AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N | CWE-345
Solution

The patches implemented by the Impronta team fix the detected vulnerabilities.

All customers using this product in SaaS mode have been upgraded to version r12 which fixes these issues.

Detail
  • CVE-2025-1107: unverified password change vulnerability in Janto from Impronta. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.
  • CVE-2025-1108: insufficient data authenticity verification vulnerability in Janto from Impronta. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpoint.
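
The two controls whose absence these CVEs describe (CWE-620 and CWE-345), shown as an added example in Python. It is not Janto or Impronta code; the in-memory stores and every function and parameter name are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed in-memory stores; all names here are hypothetical.
USERS = {}         # username -> {"salt": bytes, "pw": bytes}
RESET_TOKENS = {}  # sha256(token) -> (username, expiry timestamp)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(name, password):
    # Storage helper only; request handlers must go through change_password().
    salt = secrets.token_bytes(16)
    USERS[name] = {"salt": salt, "pw": _hash(password, salt)}

def check_password(name, password):
    user = USERS.get(name)
    return user is not None and hmac.compare_digest(
        user["pw"], _hash(password, user["salt"]))

def request_reset(name, client_fields=None):
    """CWE-345 control: the reset mail is built only from a server-side
    template; whatever the request carried (client_fields) is never used."""
    if name not in USERS:
        return None, None
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[key] = (name, time.time() + 900)  # valid for 15 minutes
    body = f"Hello {name}, use this code to reset your password: {token}"
    return token, body

def change_password(name, new_password, current_password=None, reset_token=None):
    """CWE-620 control: change a password only with proof of identity, either
    the current password or an unexpired reset token issued for this user."""
    if current_password is not None and check_password(name, current_password):
        set_password(name, new_password)
        return True
    if reset_token is not None:
        key = hashlib.sha256(reset_token.encode()).hexdigest()
        # pop() makes the token single use, even when the check below fails.
        owner, expires = RESET_TOKENS.pop(key, (None, 0))
        if owner == name and time.time() < expires:
            set_password(name, new_password)
            return True
    return False
```

A request that names a user but carries neither proof is rejected, and a token issued for one account cannot change another account's password.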