Vulnerability Description
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Snipeitapp | Snipe-It | >= 3.0.0, <= 5.3.7 |
Related Weaknesses (CWE)
References
- https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcPatchThird Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064ExploitThird Party Advisory
- https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcPatchThird Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064ExploitThird Party Advisory
FAQ
What is CVE-2022-23064?
CVE-2022-23064 is a vulnerability with a CVSS score of 8.8 (HIGH). In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset link...
How severe is CVE-2022-23064?
CVE-2022-23064 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23064?
Check the references section above for vendor advisories and patch information. Affected products include: Snipeitapp Snipe-It.