CVE-2021-25980
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| debiki | talkyard | v0.04.01 < v0* | affected |
| debiki | talkyard | v0.2020.22-WIP-b2e97fe0e < v0.2020* | affected |
| debiki | talkyard | v0.2021 <= v0.2021.02-WIP-879ef3fe1 | affected |
| debiki | talkyard | tyse-v0.2021.02-879ef3fe1-regular < tyse-v0.2021* | affected |
Weaknesses
- CWE-74: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/debiki/talkyard/commit/4067e191a909ed06f250d09a40e43aa5edbb0289
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25980
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://github.com/debiki/talkyard/commit/4067e191a909ed06f250d09a40e43aa5edbb0289
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25980
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.