Host Header Injection Vulnerability in ThingsBoard by ThingsBoard
CVE-2020-27687

8.8HIGH

Key Information:

Vendor

Thingsboard

Status
Thingsboard
Vendor
CVE Published:
18 December 2020

What is CVE-2020-27687?

ThingsBoard versions prior to v3.2 are susceptible to a Host header injection vulnerability within password-reset emails. This security flaw enables attackers to craft malicious links that can redirect victims to an attacker-controlled server. The absence of proper validation for the Host header facilitates the execution of this exploit, potentially compromising user accounts and sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/thingsboard/thingsboard/commits/master
x_refsource_MISC
https://gist.github.com/vin01/26a8bb13233acd9425e7575a7ad...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.