exploitDog

GHSA-p776-fv6r-6vh8

Опубликовано: 07 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

Ссылки

EPSS

Процентиль: 21%

0.00067

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-640

Связанные уязвимости

CVE-2025-43932

CVSS3: 9.8

nvd

7 месяцев назад

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

EPSS

Процентиль: 21%

0.00067

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-640