PT-2024-23859 · Webhood

Markusleh · Published 2024-04-05 · Updated 2024-04-08 · CVE-2024-31218

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Webhood versions 0.9.0 and earlier

Description
Webhood is a self-hosted URL scanner used for analyzing phishing and malicious sites. The vulnerability allows an unauthenticated attacker to send an HTTP request to the database (Pocketbase) admin API to create an admin account. This is possible because the Pocketbase admin API does not check for authentication/authorization when creating an admin account if no admin accounts have been added yet. In its default deployment, Webhood does not create a database admin account, so the deployment is vulnerable unless users have manually created an admin account.

Recommendations
For versions 0.9.0 and earlier, update to version 0.9.1 or later, which creates a randomly generated admin account if no admin account already exists, thus patching the vulnerability. As a temporary workaround for versions 0.9.0 and earlier, consider disabling access to the URL path starting with /api/admins entirely to prevent exploitation over the network.
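Added example (not part of this advisory or of the Webhood/Pocketbase projects): a Python check that scans the access log of a reverse proxy in front of a Webhood deployment for requests to the /api/admins path named in the workaround, and flags an accepted POST as the unauthenticated admin creation described above. The nginx "combined" log format, the constructed sample lines and the assumption that the account-creating call is an HTTP POST are mine.

```python
import re
from typing import Iterable, List, NamedTuple

# Path prefix from the advisory's workaround: everything under /api/admins.
ADMIN_API_PREFIX = "/api/admins"

# nginx/Apache "combined" access-log format (assumed format of the proxy log).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

class Hit(NamedTuple):
    ip: str
    timestamp: str
    method: str
    path: str
    status: int
    likely_created: bool  # POST accepted with 2xx: the admin creation the advisory describes

def is_admin_api_path(target: str) -> bool:
    """Prefix match on the request path, ignoring any query string."""
    path = target.split("?", 1)[0]
    return path.startswith(ADMIN_API_PREFIX)

def find_admin_api_requests(lines: Iterable[str]) -> List[Hit]:
    """Return every request that reached the admin API, in log order."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than abort the scan
        if not is_admin_api_path(m["target"]):
            continue
        status = int(m["status"])
        # Assumption: the account-creating call is an HTTP POST.
        created = m["method"] == "POST" and 200 <= status < 300
        hits.append(Hit(m["ip"], m["ts"], m["method"],
                        m["target"].split("?", 1)[0], status, created))
    return hits

# Constructed sample log lines (not real traffic); the third is the creation request succeeding.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Apr/2024:10:01:12 +0000] "GET / HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Apr/2024:10:02:40 +0000] "GET /api/admins HTTP/1.1" 401 0 "-" "curl/8.0"
198.51.100.7 - - [05/Apr/2024:10:02:44 +0000] "POST /api/admins HTTP/1.1" 200 231 "-" "python-requests/2.31"
203.0.113.9 - - [05/Apr/2024:10:03:01 +0000] "POST /api/admins?x=1 HTTP/1.1" 403 0 "-" "curl/8.0"
not a valid access-log line
"""
```

Running find_admin_api_requests(SAMPLE_LOG.splitlines()) yields three hits; only the accepted POST carries likely_created=True, while the 401 probe and the 403 (the workaround doing its job) still show the path being targeted.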

Exploit · Fix

Weakness Enumeration
Missing Authentication

Related Identifiers
CVE-2024-31218
GHSA-H533-RXHM-73J2

Affected Products
Pocketbase
Webhood