CVE-2024-51329

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
Configurations

Configuration 1 (hide)

cpe:2.3:a:idrsdev:agile-board:1.0:*:*:*:*:*:*:*

History

06 Nov 2024, 19:19

Type Values Removed Values Added
CPE cpe:2.3:a:idrsdev:agile-board:1.0:*:*:*:*:*:*:*
First Time Idrsdev agile-board
Idrsdev
References () https://github.com/idrsdev/agile-board/tree/main - () https://github.com/idrsdev/agile-board/tree/main - Product
References () https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51329%20-%20Host%20Header%20Injection - () https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51329%20-%20Host%20Header%20Injection - Exploit
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 8.8

05 Nov 2024, 21:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1
CWE CWE-94
Summary
  • (es) Una vulnerabilidad de inyección de encabezado de host en Agile-Board 1.0 permite a los atacantes obtener el token de restablecimiento de contraseña a través de la interacción del usuario con un enlace de restablecimiento de contraseña manipulado específicamente.

04 Nov 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 18:15

Updated : 2024-11-06 19:19


NVD link : CVE-2024-51329

Mitre link : CVE-2024-51329

CVE.ORG link : CVE-2024-51329


JSON object : View

Products Affected

idrsdev

  • agile-board
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')