Lucene search

[email protected]CVE-2022-22691

HistoryJan 18, 2022 - 5:15 p.m.

CVE-2022-22691

2022-01-1817:15:10

CWE-444

CWE-640

[email protected]

web.nvd.nist.gov

118

cve-2022-22691

umbraco

password reset

url manipulation

security vulnerability

nvd

appcheck advisory

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats.

Affected configurations

NVD

Node

umbracoumbraco_cmsRange<9.2.0

CPENameOperatorVersion
umbraco:umbraco_cmsumbraco umbraco cmslt9.2.0

CPE	Name	Operator	Version
umbraco:umbraco_cms	umbraco umbraco cms	lt	9.2.0

CNA Affected

[
  {
    "product": "Umbraco CMS",
    "vendor": "Umbraco",
    "versions": [
      {
        "lessThan": "9.2.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]