Vulnerability Description
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Getmotoradmin | Motor Admin | >= 0.0.1, <= 0.2.56 |
Related Weaknesses (CWE)
References
- https://github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82PatchThird Party Advisory
- https://www.mend.io/vulnerability-database/CVE-2022-23079ExploitThird Party Advisory
- https://github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82PatchThird Party Advisory
- https://www.mend.io/vulnerability-database/CVE-2022-23079ExploitThird Party Advisory
FAQ
What is CVE-2022-23079?
CVE-2022-23079 is a vulnerability with a CVSS score of 6.8 (MEDIUM). In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.
How severe is CVE-2022-23079?
CVE-2022-23079 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23079?
Check the references section above for vendor advisories and patch information. Affected products include: Getmotoradmin Motor Admin.