2 matches found
GHSA-MRQG-MWH7-Q94J Host header injection in the password reset
Summary The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able ...
CVE-2022-3173
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10...