Lucene search

MendCVELIST:CVE-2022-23064

HistoryMay 02, 2022 - 12:30 p.m.

CVE-2022-23064 Snipe-IT - Host Header Injection

2022-05-0212:30:14

CWE-74

Mend

www.cve.org

snipe-it

host header injection

password reset vulnerability

account takeover

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.

CNA Affected

[
  {
    "product": "snipe-it",
    "vendor": "snipe",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "v3.0-alpha",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "v5.3.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc

www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

Related for CVELIST:CVE-2022-23064