A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
References
Configurations
History
21 Mar 2024, 02:46
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Nov 2023, 04:08
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." |
28 Feb 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | |
References |
|
30 Jan 2023, 17:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:plesk:obsidian:*:*:*:*:*:*:*:* | |
First Time |
Plesk
Plesk obsidian |
|
References | (MISC) https://gist.github.com/TJetnipat/02b3854543b7ec95d54a8de811f2e8ae - Exploit, Third Party Advisory | |
References | (MISC) https://medium.com/@jetnipat.tho/cve-2023-24044-10e48ab940d8 - Exploit, Third Party Advisory | |
CWE | CWE-601 |
22 Jan 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-22 03:15
Updated : 2024-04-11 01:18
NVD link : CVE-2023-24044
Mitre link : CVE-2023-24044
CVE.ORG link : CVE-2023-24044
JSON object : View
Products Affected
plesk
- obsidian
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')