PT-2022-2858 · Snipe-It · Snipe-It

Published 2022-01-10 · Updated 2022-05-10 · CVE-2022-23064

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Snipe-IT versions v3.0-alpha through v5.3.7

Description

The issue is a Host Header Injection in the password reset function of Snipe-IT. By sending a specially crafted Host header in the password reset request, it is possible to have password reset links sent to users which, once clicked, lead to an attacker-controlled server, leaking the password reset token and potentially allowing account takeover. The vulnerability is due to the incorrect neutralization of special elements in the output.

Recommendations

For versions v3.0-alpha through v5.3.7, as a temporary workaround, consider disabling the password reset function until a patch is available. Restrict access to the password reset module to minimize the risk of exploitation. Avoid using the password reset link in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
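
The pattern described above, as an added example that is not Snipe-IT's code or its fix: a reset link built from the request's Host header beside one built only from server-side configuration, plus a Host allowlist check. The base URL, host names, route path and token are constructed placeholders, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed configuration values (assumptions, not Snipe-IT settings).
const APP_URL = 'https://assets.example.com';
const TRUSTED_HOSTS = ['assets.example.com'];

// Vulnerable pattern: the link's host is taken from the client-supplied Host header.
function resetLinkFromHostHeader(array $server, string $token): string
{
    return 'https://' . ($server['HTTP_HOST'] ?? '') . '/password/reset/' . rawurlencode($token);
}

// Hardened pattern: the link's origin comes only from server-side configuration.
function resetLinkFromConfig(string $token): string
{
    return rtrim(APP_URL, '/') . '/password/reset/' . rawurlencode($token);
}

// Defence in depth: refuse requests whose Host header is not on the allowlist.
function hostIsTrusted(array $server): bool
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    // Strip an optional port ("host:443") before comparing.
    $host = preg_replace('/:\d+$/', '', $host);
    return in_array($host, TRUSTED_HOSTS, true);
}

// Constructed requests: one with the expected Host, one with an untrusted Host.
$requests = [
    'normal'    => ['HTTP_HOST' => 'assets.example.com'],
    'untrusted' => ['HTTP_HOST' => 'untrusted.example.net'],
];
$token = 'constructed-token-123';

foreach ($requests as $label => $server) {
    printf("%-9s trusted=%s\n", $label, hostIsTrusted($server) ? 'yes' : 'no');
    printf("  from Host header: %s\n", resetLinkFromHostHeader($server, $token));
    printf("  from config:      %s\n", resetLinkFromConfig($token));
}
```

Only the header-derived link changes with the request; the configuration-derived link stays on the configured origin whatever Host value arrives.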

Exploit

Special Elements Injection


Weakness Enumeration

Related Identifiers

BDU:2022-03415
CVE-2022-23064
GHSA-9VH6-QFV6-VCQP

Affected Products

Snipe-It