Lucene search

[email protected]NVD:CVE-2022-23079

HistoryJun 22, 2022 - 1:15 p.m.

CVE-2022-23079

2022-06-2213:15:08

CWE-116

[email protected]

web.nvd.nist.gov

motor-admin

password reset

host header

vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

Percentile

12.8%

JSON

In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.

Affected configurations

Nvd

Node

getmotoradminmotor_adminRange0.0.1–0.2.56

VendorProductVersionCPE
getmotoradminmotor_admin*cpe:2.3:a:getmotoradmin:motor_admin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
getmotoradmin	motor_admin	*	cpe:2.3:a:getmotoradmin:motor_admin::::::::

References

github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82404fe3ecf9

www.mend.io/vulnerability-database/CVE-2022-23079

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

Percentile

12.8%

JSON

Related for NVD:CVE-2022-23079

cve1 prion1 osv1 cvelist1