cbcvebase.
CVE-2022-22691
published 2022-01-18

CVE-2022-22691: The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be…

PriorityP337high7.4CVSS 3.1
AVNACLPRNUIRSCCHINAN
EPSS
1.02%
58.9th percentile
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats.

Affected

1 ranges
VendorProductVersion rangeFixed in
umbracoumbraco_cms< 9.2.09.2.0

CVSS provenance

nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
ghsa7.5HIGH
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.