CVE-2021-25994 - OpenCVE

In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Userfrosting	Userfrosting

Configuration 1 [-]

cpe:2.3:a:userfrosting:userfrosting:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba	Patch Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Mend

Published: 2022-01-03T06:45:10

Updated: 2022-01-03T06:45:10

Reserved: 2021-01-22T00:00:00

Link: CVE-2021-25994

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-03T07:15:07.243

Modified: 2022-01-13T17:43:02.343

Link: CVE-2021-25994

JSON object: View

Redhat Information

No data.

CWE

CWE-74

{"containers": {"cna": {"affected": [{"product": "userfrosting", "vendor": "userfrosting", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0.3.1", "versionType": "custom"}, {"lessThanOrEqual": "4.6.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "WhiteSource Vulnerability Research Team (WVR)"}], "descriptions": [{"lang": "en", "value": "In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the \u201cforgot password\u201d functionality to reset the victim\u2019s password and successfully take over their account."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-03T06:45:10", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba"}, {"tags": ["x_refsource_MISC"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994"}], "solutions": [{"lang": "en", "value": "Update to Userfrosting v4.6.3"}], "source": {"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN"}, "title": "Userfrosting - Host-Header Injection Leads to Account Takeover", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2021-25994", "STATE": "PUBLIC", "TITLE": "Userfrosting - Host-Header Injection Leads to Account Takeover"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "userfrosting", "version": {"version_data": [{"version_affected": ">=", "version_value": "0.3.1"}, {"version_affected": "<=", "version_value": "4.6.2"}]}}]}, "vendor_name": "userfrosting"}]}}, "credit": [{"lang": "eng", "value": "WhiteSource Vulnerability Research Team (WVR)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the \u201cforgot password\u201d functionality to reset the victim\u2019s password and successfully take over their account."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba", "refsource": "MISC", "url": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba"}, {"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994", "refsource": "MISC", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994"}]}, "solution": [{"lang": "en", "value": "Update to Userfrosting v4.6.3"}], "source": {"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2021-25994", "datePublished": "2022-01-03T06:45:10", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2022-01-03T06:45:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:userfrosting:userfrosting:*:*:*:*:*:*:*:*", "matchCriteriaId": "F162FAD0-B2DF-4681-897C-B050C9761387", "versionEndExcluding": "4.6.3", "versionStartIncluding": "0.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the \u201cforgot password\u201d functionality to reset the victim\u2019s password and successfully take over their account."}, {"lang": "es", "value": "En Userfrosting, versiones v0.3.1 hasta v4.6.2, son vulnerables a una Inyecci\u00f3n de Encabezado de Host. Al atraer a un usuario de la aplicaci\u00f3n v\u00edctima para que haga clic en un enlace, un atacante no autenticado puede usar la funcionalidad \"forgot password\" para restablecer la contrase\u00f1a de la v\u00edctima y hacerse con su cuenta"}], "id": "CVE-2021-25994", "lastModified": "2022-01-13T17:43:02.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "vulnerabilitylab@mend.io", "type": "Secondary"}]}, "published": "2022-01-03T07:15:07.243", "references": [{"source": "vulnerabilitylab@mend.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/userfrosting/UserFrosting/commit/796dd78757902435d1bd286415feea78098e45ba"}, {"source": "vulnerabilitylab@mend.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25994"}], "sourceIdentifier": "vulnerabilitylab@mend.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "vulnerabilitylab@mend.io", "type": "Secondary"}]}