CVE-2021-25980

In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the forgot password functionality to reset the victims password and successfully take over their account.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MendCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
talkyardtalkyard
0.04.01 ≤
𝑥
≤ 0.6.74-wip-63220cb
talkyardtalkyard
0.2020.22-wip-b2e97fe0e ≤
𝑥
≤ 0.2021.02-wip-879ef3fe1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/debiki/talkyard/commit/4067e191a909ed06f250d09a40e43aa5edbb0289
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25980
https://github.com/debiki/talkyard/commit/4067e191a909ed06f250d09a40e43aa5edbb0289
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25980