CVE-2023-24044

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-24044
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://gist.github.com/TJetnipat/02b3854543b7ec95d54a8de811f2e8ae Exploit Third Party Advisory
https://medium.com/%40jetnipat.tho/cve-2023-24044-10e48ab940d8
https://support.plesk.com/hc/en-us/articles/10254625170322-Vulnerability-CVE-2023-24044
Configurations

Configuration 1 (hide)

cpe:2.3:a:plesk:obsidian:*:*:*:*:*:*:*:*
History

07 Nov 2023, 04:08

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@jetnipat.tho/cve-2023-24044-10e48ab940d8', 'name': 'https://medium.com/@jetnipat.tho/cve-2023-24044-10e48ab940d8', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40jetnipat.tho/cve-2023-24044-10e48ab940d8 -
Summary ** DISPUTED ** A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
Information

Published : 2023-01-22 03:15

Updated : 2024-08-02 11:16

NVD link : CVE-2023-24044

Mitre link : CVE-2023-24044

CVE.ORG link : CVE-2023-24044

JSON object : View

Products Affected

plesk

  • obsidian
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024