CVE-2022-22691

Source
https://cve.org/CVERecord?id=CVE-2022-22691
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22691.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-22691
Aliases
Published
2022-01-18T17:15:10.827Z
Modified
2026-04-10T04:44:31.739104Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats.

References

Affected packages

Git / github.com/umbraco/umbraco-cms

Affected ranges

Type
GIT
Repo
https://github.com/umbraco/umbraco-cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.2.0"
        }
    ]
}

Affected versions

4.*
4.7.2
Release-4.*
Release-4.5.2
Release-4.6.0
Other
Sprint-Juno-A
release-netcore-alpha002
release-netcore-alpha004
release-6.*
release-6.1.0-beta
release-7.*
release-7.0.0
release-7.0.0-RC
release-7.0.0-beta
release-7.1.0
release-7.1.0-RC
release-7.1.1
release-7.1.2
release-7.1.3
release-7.1.4
release-7.2.0-alpha
release-7.2.0-beta
release-7.2.0-beta2
release-9.*
release-9.0.0
release-9.0.0-beta001
release-9.0.0-beta002
release-9.0.0-beta003
release-9.0.0-beta004
release-9.0.0-rc002
release-9.0.0-rc003
release-9.0.0-rc004
release-9.2.0-rc
release-netcore-0.*
release-netcore-0.5.0-alpha001

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22691.json"