Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.
AnalysisAI
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. Affected products include: Cern Indico. Version information: before 2.3.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Startin
Missing authentication checks on Indico's event series management API endpoint allows unauthenticated attackers to view
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Rated m
Cross-site scripting in Indico prior to version 3.3.10 allows authenticated users to inject malicious scripts through ma
Indico is an open source a general-purpose, web based event management tool. Rated medium severity (CVSS 5.4), this vuln
Indico versions before 3.3.10 allow authenticated event organizers to conduct server-side request forgery attacks by pro
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Rated m
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Rated m
A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today