History: Jun 22, 2022 - 1:15 p.m.

CVE-2022-23079

2022-06-22 13:15:08
CWE-116
Mend
web.nvd.nist.gov
cve-2022-23079
motor-admin
host header injection
password reset
email
security vulnerability

CVSS2: 6.8

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 7.2
Confidence: High

EPSS: 0
Percentile: 12.8%

motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality, where a malicious actor can send a fake password reset email to an arbitrary victim.

Affected configurations

Nvd

Node: getmotoradmin motor_admin, Range 0.0.1 - 0.2.56

Vendor | Product | Version | CPE
getmotoradmin | motor_admin | * | cpe:2.3:a:getmotoradmin:motor_admin:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "motor-admin",
    "vendor": "motor-admin",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0.0.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "0.2.56",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
