Serious Snipe-IT bug exploitable to send password reset email traps

05-May-22

The flaw is a host header injection problem. When an application handles the Host header incorrectly, host header attacks become possible, leading to issues such as web cache poisoning, server-side request forgery (SSRF), and SQL injection attacks.

In Snipe-IT's case, CVE-2022-23064 allowed attackers to send forged Host headers to the system's password reset request feature.
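The mechanism behind this class of bug is that a password reset e-mail embeds a link whose origin is taken from the request's Host header, so whoever controls that header controls where the recipient is sent. The following added example (illustrative code written for this page, not Snipe-IT's own code or its fix) shows the weak construction beside two hardened ones, plus a check a defender can run over generated links. The configuration names `APP_URL` and `ALLOWED_HOSTS`, the hostnames and the token value are all constructed for the example.

```python
"""Illustrative only (not Snipe-IT code): how a password-reset link becomes
poisoned through the Host header, and two ways to build it safely.
All hostnames, tokens and configuration names are constructed for this example."""
from urllib.parse import urlsplit

# Assumed configuration values (constructed; the equivalent of a fixed base URL
# and a host allowlist in the application's settings).
APP_URL = "https://assets.example.com"
ALLOWED_HOSTS = {"assets.example.com", "assets-internal.example.com"}
RESET_PATH = "/password/reset/"


def build_reset_link_unsafe(headers: dict, token: str) -> str:
    """Weak pattern: the link's origin is copied straight from the
    client-supplied Host header, so a forged header changes the link target."""
    host = headers.get("Host", "")
    return f"https://{host}{RESET_PATH}{token}"


def build_reset_link_fixed_base(token: str, app_url: str = APP_URL) -> str:
    """Hardened pattern 1: ignore the Host header entirely and build the link
    from a base URL set in configuration."""
    return f"{app_url.rstrip('/')}{RESET_PATH}{token}"


def build_reset_link_allowlisted(headers: dict, token: str,
                                 allowed_hosts=ALLOWED_HOSTS,
                                 app_url: str = APP_URL) -> str:
    """Hardened pattern 2 (for deployments served under several names):
    honour the Host header only when its hostname is on an explicit allowlist,
    otherwise fall back to the configured base URL."""
    host = headers.get("Host", "").strip()
    # urlsplit normalises case and separates an optional port or IPv6 brackets
    hostname = urlsplit(f"//{host}").hostname or ""
    if hostname in allowed_hosts:
        return f"https://{host}{RESET_PATH}{token}"
    return build_reset_link_fixed_base(token, app_url)


def link_points_to_trusted_host(link: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Assurance check: does a generated reset link target a host we control?
    Useful as a unit test on the mailer or as a log-review filter."""
    return (urlsplit(link).hostname or "") in allowed_hosts


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, one with a forged Host header.
    legit = {"Host": "assets.example.com"}
    forged = {"Host": "attacker.example.net"}
    for name, fn in (("unsafe", build_reset_link_unsafe),
                     ("allowlisted", build_reset_link_allowlisted)):
        link = fn(forged, "tok123")
        print(f"{name:12s} {link}  trusted={link_points_to_trusted_host(link)}")
    print(f"{'fixed-base':12s} {build_reset_link_fixed_base('tok123')}")
```

The fixed-base variant is the simplest and is what most frameworks recommend; the allowlist variant is only worth the extra surface when the same instance must legitimately generate links for more than one hostname. Either way, the assurance check makes the property explicit: no reset link may leave the system pointing at a host outside the allowlist.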