🕵️ CVE-2023-49097 | Zitadel up to 2.39.8/2.40.9/2.41.5 Header X-Forwarded-Host password recovery (GHSA-2wmj-46rj-qm2w)
News section: 🕵️ Vulnerabilities
🔗 Source: vuldb.com
A vulnerability was found in Zitadel up to 2.39.8/2.40.9/2.41.5. It has been declared critical. The vulnerability affects an unknown function of the Header Handler component. Manipulating the X-Forwarded-Host argument leads to weak password recovery. This vulnerability is known as CVE-2023-49097. The attack can be launched remotely. There is no exploit available. Upgrading the affected component is recommended. ...