Lucene search
Veracode Vulnerability DatabaseVERACODE:35367HistoryMay 04, 2022 - 3:26 p.m.
Host Header Injection
2022-05-0415:26:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
56.6%
snipe/snipe-it is vulnerable to host header injection. An attacker is able to reset the password and take over an user account by luring the victim to an attacker controlled server via a maliciously crafted password request link.
| CPE | Name | Operator | Version |
|---|---|---|---|
| snipe/snipe-it | le | v5.3.7 | |
| snipe/snipe-it | le | v5.3.7 |
Related
nvd
nvd
CVE-2022-23064
2022-05-02 13:15:08
veracode
veracode
Host Header Injection
2022-05-05 02:11:10
osv
osv
snipe-IT vulnerable to host header injection
2022-05-03 00:00:43
CVE-2022-23064
2022-05-02 13:15:08
cve
cve
CVE-2022-23064
2022-05-02 13:15:08
github
github
snipe-IT vulnerable to host header injection
2022-05-03 00:00:43
prion
prion
Design/Logic Flaw
2022-05-02 13:15:00
cvelist
cvelist
CVE-2022-23064 Snipe-IT - Host Header Injection
2022-05-01 00:00:00