Lucene search

Veracode Vulnerability DatabaseVERACODE:44489

HistoryNov 30, 2023 - 10:23 a.m.

Host Header Injection

2023-11-3010:23:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

zitadel

vulnerability

host header injection

password reset

phishing

account takeover

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

37.4%

JSON

zitadel is vulnerable to Host Header Injection attack. The vulnerability is caused due to improper validation of the X-Forwarded-Host header while creating a password reset link. An attacker can phish a user by tampering with X-Forwarded-Host header, retrieve the secret code which can be used to reset the password and takeover the whole account.

References

github.com/zitadel/zitadel/commit/b5d7aee72e5ec0996447e9b7306e1134a8874b16

github.com/zitadel/zitadel/security/advisories/GHSA-2wmj-46rj-qm2w

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

37.4%

JSON

Related for VERACODE:44489