CVE-2023-38877 - OpenCVE

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Economizzer	Economizzer

Configuration 1 [-]

OR	cpe:2.3:a:economizzer:economizzer:0.9:beta1::::wordpress::*
	cpe:2.3:a:economizzer:economizzer:april_2023:::::wordpress::

References

Link	Resource
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38877	Exploit Third Party Advisory
https://github.com/gugoan/economizzer/	Product
https://www.economizzer.org	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-28T00:00:00

Updated: 2023-09-28T03:23:53.578854

Reserved: 2023-07-25T00:00:00

Link: CVE-2023-38877

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-28T04:15:12.280

Modified: 2023-10-02T18:45:30.747

Link: CVE-2023-38877

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:economizzer:economizzer:0.9:beta1:*:*:*:wordpress:*:*", "matchCriteriaId": "330109B8-8E3F-4E44-83B2-F000BEB32288", "vulnerable": true}, {"criteria": "cpe:2.3:a:economizzer:economizzer:april_2023:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BC008109-5EFA-47BA-99B2-01120532E7D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de encabezado del host en Economizzer v.0.9-beta1 de gugoan y en el commit 3730880 (abril de 2023). Al enviar un encabezado de host especialmente manipulado en la solicitud de restablecimiento de contrase\u00f1a, es posible enviar enlaces de restablecimiento de contrase\u00f1a a los usuarios que, una vez que se hace clic en ellos, conducen a un servidor controlado por el atacante y, por lo tanto, filtran el token de restablecimiento de contrase\u00f1a. Esto permite a un atacante restablecer las contrase\u00f1as de otros usuarios.\n"}], "id": "CVE-2023-38877", "lastModified": "2023-10-02T18:45:30.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-28T04:15:12.280", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38877"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/gugoan/economizzer/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.economizzer.org"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}