6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
67.5%
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the
baseurl setting as part of the password-reset URL. This can lead to
phishing attacks. (A remote unauthenticated attacker can change the URL’s
hostname via the HTTP Host header.) The vulnerability can be triggered only
if the Host header is not part of the web server routing process (e.g., if
several domains are served by the same web server).
Author | Note |
---|---|
ebarretto | Setting to ignored as upstream won’t fix it. Maintainer note: Autodetecting the host is an important feature for setting up wiki farms and it is a major convenience factor for our users (on installation, on moving the wiki between servers and accessing it from different network locations), so I’m leaning towards a WONTFIX here. |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
67.5%