CVE-2021-36804

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-36804

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36804.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-36804

Aliases

GHSA-246r-r2wf-frhx

Published

2021-08-04T23:15:08Z

Modified

2024-09-03T03:54:14.375668Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please note that this issue is ultimately caused by the defaults provided by the Laravel framework, specifically how proxy headers are handled with respect to multi-tenant implementations. In other words, while this is not technically a vulnerability in Laravel, this default configuration is very likely to lead to practically identical identical vulnerabilities in Laravel projects that implement multi-tenant applications.

References

Affected packages

Git / github.com/akaunting/akaunting

Affected ranges

Type: GIT
Repo: https://github.com/akaunting/akaunting
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

03c960d7e9745decec378c3576cc9310ad1ba100

Affected versions

1.*

1.0.0

1.0.1

1.0.10

1.0.11

1.0.12

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.1

1.1.10

1.1.11

1.1.12

1.1.13

1.1.14

1.1.15

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2.0

1.2.0rc

1.2.1

1.2.10

1.2.11

1.2.12

1.2.13

1.2.14

1.2.15

1.2.16

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3.0

1.3.0rc

1.3.0rc2

1.3.0rc3

1.3.1

1.3.10

1.3.11

1.3.12

1.3.13

1.3.14

1.3.15

1.3.16

1.3.17

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

2.*

2.0.0

2.0.1

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.2

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1.0

2.1.0rc

2.1.1

2.1.10

2.1.11

2.1.12

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9