CVE-2022-22691
Published 2022-01-18
Priority: P3 (37) · CVSS 3.1: 7.4 high
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
EPSS: 1.02% (58.9th percentile)
The password reset component deployed within Umbraco uses the hostname supplied in the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent, so that all password reset URLs remain affected following a successful attack. See the AppCheck advisory for further information and associated caveats.
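The mechanism above is the generic "host header poisoning" pattern: an absolute URL is assembled from a request-controlled value and mailed to a victim. The following is an added example, not Umbraco's code or the AppCheck advisory's, that shows the vulnerable builder beside a hardened one and a small log check for poisoning attempts. The reset path, the canonical origin, the allow-list, the log format and the sample log lines are all assumptions constructed for the example; the page does not name Umbraco's real endpoint.

```python
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import quote

# Added example, not Umbraco's code. RESET_PATH is a placeholder: the page does
# not name the real endpoint. The origin and allow-list below stand in for
# deployment configuration, which is the only place a link's host may come from.
RESET_PATH = "/umbraco/password-reset"
CANONICAL_BASE = "https://cms.example.test"
ALLOWED_HOSTS = {"cms.example.test", "www.example.test"}

# Plain DNS-style host with optional trailing dot and port. Anything else
# ('@', '/', whitespace, bracketed IPv6) is rejected rather than "cleaned".
_HOST_RE = re.compile(r"^(?P<name>[a-z0-9-]+(?:\.[a-z0-9-]+)*)\.?(?::(?P<port>\d{1,5}))?$")


def build_reset_url_vulnerable(host_header: str, token: str) -> str:
    """The pattern the advisory describes: the link's origin is copied from Host
    (or, behind a proxy, X-Forwarded-Host) without validation."""
    return f"https://{host_header}{RESET_PATH}?token={quote(token, safe='')}"


def normalize_host(host_header: str) -> Optional[str]:
    """Lower-case and strip port/trailing dot; None if not a plain hostname."""
    m = _HOST_RE.match(host_header.strip().lower())
    return m.group("name") if m else None


def build_reset_url_hardened(host_header: str, token: str) -> str:
    """Serve the request only for hosts we answer for, and build the link from
    configuration so the Host value never reaches the e-mail at all."""
    host = normalize_host(host_header)
    if host is None or host not in ALLOWED_HOSTS:
        raise ValueError(f"unexpected Host header: {host_header!r}")
    return f"{CANONICAL_BASE}{RESET_PATH}?token={quote(token, safe='')}"


# --- Detection over access logs -------------------------------------------
# Constructed log format: client "METHOD path" host="..." (real formats differ).
_LOG_RE = re.compile(r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" host="(?P<host>[^"]*)"')


def find_host_poisoning(lines: Iterable[str],
                        allowed_hosts=frozenset(ALLOWED_HOSTS)) -> List[Tuple[str, str]]:
    """(client, raw Host) for reset requests whose Host is not one of ours."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m or m.group("path").split("?", 1)[0] != RESET_PATH:
            continue
        if normalize_host(m.group("host")) not in allowed_hosts:
            hits.append((m.group("client"), m.group("host")))
    return hits


SAMPLE_LOG = [  # constructed sample, not real traffic
    '203.0.113.7 "POST /umbraco/password-reset" host="cms.example.test"',
    '198.51.100.9 "POST /umbraco/password-reset" host="cms.example.test.attacker.test"',
    '198.51.100.9 "POST /umbraco/password-reset" host="cms.example.test@attacker.test"',
    '203.0.113.8 "GET /umbraco/" host="attacker.test"',
]

if __name__ == "__main__":
    token = "tok-example"
    # Host "cms.example.test@attacker.test" yields a link whose userinfo looks
    # like the real site but whose authority, the part the browser connects to,
    # is attacker.test; the token travels there in the request line.
    print(build_reset_url_vulnerable("cms.example.test@attacker.test", token))
    print(build_reset_url_hardened("CMS.example.test:443", token))
    for client, host in find_host_poisoning(SAMPLE_LOG):
        print(f"suspicious reset request from {client}: Host={host}")
```

Two points the code makes that the description only implies: the attacker does not need a look-alike domain if the application accepts an `@` in Host, because the victim's browser connects to whatever follows it; and the fix is to derive the link origin from configuration rather than to sanitise Host, with Host (and any forwarded-host header the app honours) checked only to reject the request. A reverse proxy that forwards only its configured server names is the equivalent control at the deployment layer; the in-product fix, per the affected range on this page, is 9.2.0.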
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco_cms | < 9.2.0 | 9.2.0 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| GHSA | | 7.5 | HIGH | |
| OSV | | 7.5 | HIGH | |
OSV
Umbraco Persistent Password Reset Poison (osv · 2022-01-21 · CVSS 7.5 HIGH)
CVE-2022-22691 [HIGH]: description identical to the text above.
GHSA
Umbraco Persistent Password Reset Poison (ghsa · 2022-01-21 · CVSS 7.5 HIGH · CWE-444)
CVE-2022-22691 [HIGH]: description identical to the text above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.