Alf.io is an open source ticket reservation system. Prior to version 2.0-M4-2402, an attacker can access data belonging to other organizers: a specially crafted request returns the log of e-mails sent by other organizers' events.

Pimcore's Admin Classic Bundle provides the backend UI for Pimcore. Versions of `pimcore/admin-ui-classic-bundle` prior to 1.3.4 contain a Host Header Injection in the `invitationLinkAction` function of the UserController: the `$loginUrl` value is built from the Host header of the incoming HTTP request without validation. An attacker who sends a POST request to the /admin/user/invitationlink endpoint with a manipulated Host header causes the generated login URL to carry the attacker's domain, and that URL is then embedded in the invitation e-mail sent to the specified user. The result is a phishing vector: a link in an invitation e-mail that genuinely comes from the site points at an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the Host header and ensuring it matches the application's own domain; it is also advisable to fall back to a configured default trusted host whenever the incoming Host header is absent or not recognized.

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows a new identity from a configured authentication provider (CAS, SAML, OIDC) to attach to an existing local user that has the same e-mail address. This permits account takeover whenever an attacker can present an external identity carrying the victim's e-mail address, which is the case if the authentication provider allows users to change their e-mail address, or if multiple authentication providers are configured and the attacker controls an account at one of them.
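The Pimcore host header issue described above, as an added example that is not part of this page or of Pimcore's code, written in JavaScript rather than PHP. It puts an invitation-link builder that trusts the Host header beside a hardened version that checks the header against an allowlist and falls back to a configured default host when the header is absent or unrecognized. The hostnames, the login path and the request objects are constructed for illustration.

```javascript
// Added example, not Pimcore's code. Hostnames, login path and requests are
// constructed values chosen for illustration.

const TRUSTED_HOSTS = new Set(["admin.example", "admin.example:8443"]); // assumed deployment
const DEFAULT_HOST = "admin.example";                                   // assumed default host
const LOGIN_PATH = "/admin/login";                                      // assumed login path

// Vulnerable: whatever the client put in the Host header becomes the link that
// is e-mailed to the invited user. Host is just another request header and is
// fully under the sender's control.
function buildLoginUrlUnsafe(req) {
  return `https://${req.headers.host}${LOGIN_PATH}?token=${encodeURIComponent(req.token)}`;
}

// Hardened: accept the Host header only if it names one of our configured
// hosts; otherwise use the default instead of failing the request. Trimming
// and lower-casing stop "ADMIN.example " from slipping past the allowlist.
function resolveTrustedHost(hostHeader) {
  if (typeof hostHeader !== "string") return DEFAULT_HOST; // header absent
  const host = hostHeader.trim().toLowerCase();
  return TRUSTED_HOSTS.has(host) ? host : DEFAULT_HOST;
}

function buildLoginUrlSafe(req) {
  const host = resolveTrustedHost(req.headers.host);
  return `https://${host}${LOGIN_PATH}?token=${encodeURIComponent(req.token)}`;
}

// Constructed requests: what an attacker would send to the invitation
// endpoint, a normal request, and one with no Host header at all.
const attackerRequest = { headers: { host: "attacker.example" }, token: "inv-123" };
const normalRequest   = { headers: { host: "admin.example" },    token: "inv-123" };
const noHostRequest   = { headers: {},                           token: "inv-123" };

console.log("unsafe, attacker Host:", buildLoginUrlUnsafe(attackerRequest)); // link to attacker.example
console.log("safe, attacker Host:  ", buildLoginUrlSafe(attackerRequest));   // link to admin.example
console.log("safe, normal Host:    ", buildLoginUrlSafe(normalRequest));
console.log("safe, no Host:        ", buildLoginUrlSafe(noHostRequest));
```

Behind a reverse proxy the application may read `X-Forwarded-Host` instead of `Host`; that header needs the same allowlist treatment, and should only be honoured when the request actually arrived from the trusted proxy. Symfony applications (Pimcore is built on Symfony) can express the same allowlist with the framework's `trusted_hosts` setting, which rejects unrecognized hosts before application code ever sees them.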
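The Mastodon identity-linking problem described above, as an added example that is not part of this page or of Mastodon's code, written in JavaScript rather than Ruby. It shows a sign-in handler that auto-attaches an unknown external identity to the local user with the same e-mail address, and beside it one that links identities only by (provider, uid). The directory, users and assertions are constructed sample data.

```javascript
// Added example, not Mastodon's code. All users, providers and assertions
// below are constructed sample data.

function sampleDirectory() {
  return {
    nextId: 2,
    users: [
      {
        id: 1,
        username: "victim",
        email: "victim@example.org",
        identities: [{ provider: "saml", uid: "saml-victim-1" }],
      },
    ],
  };
}

function findByIdentity(db, provider, uid) {
  return db.users.find((u) =>
    u.identities.some((i) => i.provider === provider && i.uid === uid)) || null;
}

function findByEmail(db, email) {
  const wanted = email.trim().toLowerCase();
  return db.users.find((u) => u.email.toLowerCase() === wanted) || null;
}

function createUser(db, assertion) {
  const id = db.nextId++;
  const user = {
    id,
    username: `user${id}`,
    email: assertion.email,
    identities: [{ provider: assertion.provider, uid: assertion.uid }],
  };
  db.users.push(user);
  return user;
}

// Vulnerable: an identity never seen before whose e-mail matches an existing
// local user is attached to that user, and the caller is signed in as them.
// Whoever controls the e-mail claim at any configured provider therefore
// controls the victim's account.
function authenticateUnsafe(db, assertion) {
  let user = findByIdentity(db, assertion.provider, assertion.uid);
  if (!user) {
    user = findByEmail(db, assertion.email);
    if (user) user.identities.push({ provider: assertion.provider, uid: assertion.uid });
  }
  return user || createUser(db, assertion);
}

// Hardened: identities are matched only on (provider, uid). An unknown
// identity whose e-mail is already taken is a conflict for the account owner
// to resolve after authenticating with their existing credential, never an
// automatic link.
function authenticateSafe(db, assertion) {
  const linked = findByIdentity(db, assertion.provider, assertion.uid);
  if (linked) return { ok: true, user: linked };
  if (findByEmail(db, assertion.email)) {
    return { ok: false, reason: "email_belongs_to_existing_account" };
  }
  return { ok: true, user: createUser(db, assertion) };
}

// The takeover: the attacker presents an identity from a second provider (or
// from the same provider after changing their e-mail there) that carries the
// victim's address.
const attackerAssertion = { provider: "oidc", uid: "attacker-99", email: "victim@example.org" };

console.log("unsafe signs in as:", authenticateUnsafe(sampleDirectory(), attackerAssertion).username); // victim
console.log("safe result:", authenticateSafe(sampleDirectory(), attackerAssertion));                  // ok: false
```

Whether the provider verified the e-mail address does not rescue the unsafe path: the advisory's two conditions (a provider that lets users change their address, or a second provider) both yield a perfectly valid assertion for the victim's address, so the only safe rule is that an e-mail match alone never grants access to an existing account.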
Serenity before 6.8.0 allows XSS via an e-mail link because LoginPage.tsx permits return URLs that do not begin with a / character, so a login link carrying a `javascript:` return URL executes script once the user signs in.
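The return URL check implied by the Serenity entry above, as an added example that is not part of this page or of Serenity's code. The leading "/" requirement is the check the advisory describes; the example goes further and also rejects protocol-relative URLs, control characters and anything that resolves to a different origin. `APP_ORIGIN` is an assumed value for the application's own origin.

```javascript
// Added example, not Serenity's code. APP_ORIGIN is an assumed value.

const APP_ORIGIN = "https://app.example";

function isSafeReturnUrl(candidate) {
  if (typeof candidate !== "string" || candidate.length === 0) return false;
  // Must be an absolute path on this site. This alone rejects "javascript:"
  // and "data:" URLs (the XSS vector) and absolute "https://..." redirects.
  if (candidate[0] !== "/") return false;
  // "//evil.example" and "/\evil.example" are protocol-relative URLs, not paths.
  if (candidate[1] === "/" || candidate[1] === "\\") return false;
  // Browsers strip control characters before parsing ("java\tscript:"), so
  // never pass them through.
  if (/[\u0000-\u001f\u007f]/.test(candidate)) return false;
  // Final check: resolving against our origin must not change the origin.
  let resolved;
  try {
    resolved = new URL(candidate, APP_ORIGIN);
  } catch {
    return false;
  }
  return resolved.origin === APP_ORIGIN;
}

function resolveReturnUrl(candidate, fallback = "/") {
  return isSafeReturnUrl(candidate) ? candidate : fallback;
}

// Constructed inputs; the third is the kind of value an e-mailed login link
// could carry in its returnUrl parameter.
const SAMPLE_RETURN_URLS = [
  "/dashboard",
  "/orders?id=7#top",
  "javascript:alert(document.cookie)",
  "https://evil.example/",
  "//evil.example/",
  "/\\evil.example",
];

for (const u of SAMPLE_RETURN_URLS) {
  console.log(JSON.stringify(u), "->", resolveReturnUrl(u));
}
```

Apply the check at the moment the redirect is performed, not only when the login page is rendered: the value that reaches `window.location` must be the validated one, and the fallback should be a fixed in-app path rather than anything derived from the request.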