Lucene search
GoogleOSV:CVE-2022-23064HistoryMay 02, 2022 - 1:15 p.m.
CVE-2022-23064
2022-05-0213:15:08
Google
osv.dev
4
snipe-it
vulnerability
host header injection
password reset
account take over
software
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.
Related
nvd
nvd
CVE-2022-23064
2022-05-02 13:15:08
veracode
veracode
Host Header Injection
2022-05-04 15:26:06
Host Header Injection
2022-05-05 02:11:10
osv
osv
snipe-IT vulnerable to host header injection
2022-05-03 00:00:43
github
github
snipe-IT vulnerable to host header injection
2022-05-03 00:00:43
cve
cve
CVE-2022-23064
2022-05-02 13:15:08
prion
prion
Design/Logic Flaw
2022-05-02 13:15:00
cvelist
cvelist
CVE-2022-23064 Snipe-IT - Host Header Injection
2022-05-02 12:30:14