CVE-2024-51329

Name of the Vulnerable Software and Affected Versions Agile-Board version 1.0

Description A Host header injection issue allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This is achieved through exploiting the Host header injection vulnerability, which enables attackers to manipulate the password reset process.

Recommendations For Agile-Board version 1.0, consider restricting access to password reset links until a patch is available. As a temporary workaround, avoid using crafted password reset links to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.