Public CVE-2021-39409 disclosure

Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token.