CVE-2022-22691 MEDIUM

CVE-2022-22691: Umbraco Password Reset URL Poison

Vendor Umbraco
Product Umbraco CMS
Weakness CWE-640 · Weak password recovery
Published January 18, 2022
Last update September 16, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

Description

The password reset component deployed within Umbraco uses the hostname supplied in the request Host header when building the password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent, so that all password reset URLs remain affected following a successful attack. See the AppCheck advisory for further information and associated caveats.

Key dates

Disclosure timeline

January 18, 2022 CVE published
September 16, 2024 Record updated