CVE-2022-23079 Information
Jun 28, 2022
cve
Description
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://www.mend.io/vulnerability-database/CVE-2022-23079 https://github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82404fe3ecf9
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: