Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-47107
HistoryNov 08, 2023 - 4:15 p.m.

Design/Logic Flaw

2023-11-0816:15:00
PRIOn knowledge base
www.prio-n.com
pilos
password reset
security flaw
open source
front-end
bigbluebutton
load balancer
vulnerability
patch
version 2.3.0

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.3%

JSON

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. This only affects local user accounts and requires the password reset option to be enabled. This issue has been patched in version 2.3.0.

CPENameOperatorVersion
pilosge2.0.0
piloslt2.3.0

Related

cvelist 1
nvd 1
osv 1
cve 1
cvelist
cvelist
CVE-2023-47107 PILOS account takeover through password reset poisoning
2023-11-08 15:39:50
nvd
nvd
CVE-2023-47107
2023-11-08 16:15:10
osv
osv
CVE-2023-47107
2023-11-08 16:15:10
cve
cve
CVE-2023-47107
2023-11-08 16:15:10

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.3%

JSON
Related for PRION:CVE-2023-47107
cvelist1nvd1osv1cve1