CVE-2021-25994 - Vulnerability Details - OpenCVE

In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01758.

Key SSVC decision points have not yet been added.

Vendors	Products
Userfrosting	Userfrosting

Configuration 1 [-]

cpe:2.3:a:userfrosting:userfrosting:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

Update to Userfrosting v4.6.3

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994

History

No history.

MITRE

Status: PUBLISHED

Assigner: Mend

Published: 2022-01-03T06:45:10

Updated: 2024-08-03T20:19:19.566Z

Reserved: 2021-01-22T00:00:00

Link: CVE-2021-25994

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-03T07:15:07.243

Modified: 2024-11-21T05:55:45.417

Link: CVE-2021-25994

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "userfrosting", "vendor": "userfrosting", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0.3.1", "versionType": "custom"}, {"lessThanOrEqual": "4.6.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "WhiteSource Vulnerability Research Team (WVR)"}], "descriptions": [{"lang": "en", "value": "In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the \u201cforgot password\u201d functionality to reset the victim\u2019s password and successfully take over their account."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-03T06:45:10", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba"}, {"tags": ["x_refsource_MISC"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994"}], "solutions": [{"lang": "en", "value": "Update to Userfrosting v4.6.3"}], "source": {"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN"}, "title": "Userfrosting - Host-Header Injection Leads to Account Takeover", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2021-25994", "STATE": "PUBLIC", "TITLE": "Userfrosting - Host-Header Injection Leads to Account Takeover"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "userfrosting", "version": {"version_data": [{"version_affected": ">=", "version_value": "0.3.1"}, {"version_affected": "<=", "version_value": "4.6.2"}]}}]}, "vendor_name": "userfrosting"}]}}, "credit": [{"lang": "eng", "value": "WhiteSource Vulnerability Research Team (WVR)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the \u201cforgot password\u201d functionality to reset the victim\u2019s password and successfully take over their account."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba", "refsource": "MISC", "url": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba"}, {"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994", "refsource": "MISC", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994"}]}, "solution": [{"lang": "en", "value": "Update to Userfrosting v4.6.3"}], "source": {"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:19:19.566Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994"}]}]}, "cveMetadata": {"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2021-25994", "datePublished": "2022-01-03T06:45:10", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2024-08-03T20:19:19.566Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:userfrosting:userfrosting:*:*:*:*:*:*:*:*", "matchCriteriaId": "F162FAD0-B2DF-4681-897C-B050C9761387", "versionEndExcluding": "4.6.3", "versionStartIncluding": "0.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the \u201cforgot password\u201d functionality to reset the victim\u2019s password and successfully take over their account."}, {"lang": "es", "value": "En Userfrosting, versiones v0.3.1 hasta v4.6.2, son vulnerables a una Inyecci\u00f3n de Encabezado de Host. Al atraer a un usuario de la aplicaci\u00f3n v\u00edctima para que haga clic en un enlace, un atacante no autenticado puede usar la funcionalidad \"forgot password\" para restablecer la contrase\u00f1a de la v\u00edctima y hacerse con su cuenta"}], "id": "CVE-2021-25994", "lastModified": "2024-11-21T05:55:45.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "vulnerabilitylab@mend.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-03T07:15:07.243", "references": [{"source": "vulnerabilitylab@mend.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba"}, {"source": "vulnerabilitylab@mend.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994"}], "sourceIdentifier": "vulnerabilitylab@mend.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "vulnerabilitylab@mend.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}