4 matches found
CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...
CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...
PYSEC-2022-178
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...
CVE-2022-24798
CVE-2022-24798 affects Internet Routing Registry daemon (IRRd) v4 where password hashes could be exposed in query responses for mntner objects and database exports. Root cause: insufficient filtering of password hashes in IRRd’s output. Affected products/versions: IRRd 4.2.x (mirrors not affected...