Vulnerability Details : CVE-2021-36804
Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please note that this issue is ultimately caused by the defaults provided by the Laravel framework, specifically how proxy headers are handled with respect to multi-tenant implementations. In other words, while this is not technically a vulnerability in Laravel, this default configuration is very likely to lead to practically identical vulnerabilities in Laravel projects that implement multi-tenant applications.
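The Laravel-side mitigation referenced below (pull request #5477, which enables the `TrustHosts` middleware by default) works by rejecting any request whose `Host` header does not match an allow-list, so the URL generator never embeds an attacker-chosen host into a password-reset link. The following is an added example of such a middleware, written for this page and not taken from Akaunting or from the Laravel repository; the extra tenant domain pattern `example-tenant.test` is a hypothetical placeholder.

```php
<?php
// app/Http/Middleware/TrustHosts.php (added example; not Akaunting's code)
namespace App\Http\Middleware;

use Illuminate\Http\Middleware\TrustHosts as Middleware;

class TrustHosts extends Middleware
{
    /**
     * Regular-expression patterns for Host header values this application
     * will accept. A request carrying any other Host value is rejected
     * before route handling, so the domain embedded in generated links
     * (including password-reset links) always comes from this allow-list
     * rather than from the incoming request.
     */
    public function hosts(): array
    {
        return [
            // Pattern derived from config('app.url'), e.g. '^(.+\.)?example\.com$'
            $this->allSubdomainsOfApplicationUrl(),

            // Hypothetical additional tenant domain for a multi-tenant deployment;
            // replace with each domain the deployment legitimately serves.
            '^(.+\.)?example-tenant\.test$',
        ];
    }
}
```

For the middleware to take effect it must be listed in the global `$middleware` array of `app/Http/Kernel.php` (`\App\Http\Middleware\TrustHosts::class`), which Laravel shipped commented out before the referenced pull request. A quick check for a deployment is to send a request with a `Host` header that is not on the list and confirm the application refuses it instead of answering normally; in a multi-tenant setup, every legitimate tenant domain has to appear in `hosts()`, otherwise those tenants are locked out rather than protected.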
Products affected by CVE-2021-36804
- cpe:2.3:a:akaunting:akaunting:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-36804
- EPSS score: 0.23% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~62% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2021-36804
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST |
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 | cve@rapid7.com |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST |
CWE ids for CVE-2021-36804
- The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. Assigned by:
  - cve@rapid7.com (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2021-36804
- https://www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed/ (Multiple Open Source Web App Vulnerabilities Fixed | Rapid7 Blog): Exploit; Third Party Advisory
- https://www.laravel-enlightn.com/docs/security/host-injection-analyzer.html (Host Injection Analyzer | Enlightn): Third Party Advisory
- https://github.com/laravel/laravel/pull/5477 ([8.x] Uncomment TrustHosts middleware to enable it by default by DanielCoulbourne · Pull Request #5477 · laravel/laravel · GitHub): Issue Tracking; Patch; Third Party Advisory