CVE-2024-26470 - Vulnerability Details - OpenCVE

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fullstackhero	.net 9 Starter Kit

Configuration 1 [-]

OR	cpe:2.3:a:fullstackhero:.net_9_starter_kit:1.0.0:::::::*
	cpe:2.3:a:fullstackhero:.net_9_starter_kit:1.0.1:::::::*

No data.

References

Link	Providers
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470
https://github.com/fullstackhero/dotnet-webapi-boilerplate
https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate

History

Wed, 30 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fullstackhero Fullstackhero .net 9 Starter Kit
CPEs		cpe:2.3:a:fullstackhero:.net_9_starter_kit:1.0.0:::::::* cpe:2.3:a:fullstackhero:.net_9_starter_kit:1.0.1:::::::*
Vendors & Products		Fullstackhero Fullstackhero .net 9 Starter Kit

Wed, 28 Aug 2024 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-27T00:00:00

Updated: 2024-08-28T15:41:54.657Z

Reserved: 2024-02-19T00:00:00

Link: CVE-2024-26470

Vulnrichment

Updated: 2024-08-02T00:07:19.402Z

NVD

Status : Analyzed

Published: 2024-02-29T01:44:18.927

Modified: 2025-04-30T16:52:55.830

Link: CVE-2024-26470

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-26470", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-28T15:41:54.657Z", "dateReserved": "2024-02-19T00:00:00", "datePublished": "2024-02-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-27T17:21:02.087100"}, "descriptions": [{"lang": "en", "value": "A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate"}, {"url": "https://github.com/fullstackhero/dotnet-webapi-boilerplate"}, {"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.402Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate", "tags": ["x_transferred"]}, {"url": "https://github.com/fullstackhero/dotnet-webapi-boilerplate", "tags": ["x_transferred"]}, {"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "affected": [{"vendor": "fullstackhero", "product": "webapi_boilerplate", "cpes": ["cpe:2.3:a:fullstackhero:webapi_boilerplate:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.0", "status": "affected"}, {"version": "1.0.1", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T15:36:31.664530Z", "id": "CVE-2024-26470", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T15:41:54.657Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate", "tags": ["x_transferred"]}, {"url": "https://github.com/fullstackhero/dotnet-webapi-boilerplate", "tags": ["x_transferred"]}, {"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.402Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-26470", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-28T15:36:31.664530Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fullstackhero:webapi_boilerplate:*:*:*:*:*:*:*:*"], "vendor": "fullstackhero", "product": "webapi_boilerplate", "versions": [{"status": "affected", "version": "1.0.0"}, {"status": "affected", "version": "1.0.1"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T15:41:47.222Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate"}, {"url": "https://github.com/fullstackhero/dotnet-webapi-boilerplate"}, {"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470"}], "descriptions": [{"lang": "en", "value": "A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-27T17:21:02.087100"}}}, "cveMetadata": {"cveId": "CVE-2024-26470", "state": "PUBLISHED", "dateUpdated": "2024-08-28T15:41:54.657Z", "dateReserved": "2024-02-19T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-27T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fullstackhero:.net_9_starter_kit:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "78B65066-9186-4AFB-84F1-78D2A5441C52", "vulnerable": true}, {"criteria": "cpe:2.3:a:fullstackhero:.net_9_starter_kit:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "51289FC1-D152-43DA-AC66-B1190FDD539F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de encabezado de host en la funci\u00f3n de contrase\u00f1a olvidada de WebAPI Boilerplate v1.0.0 y v1.0.1 de FullStackHero permite a los atacantes filtrar el token de restablecimiento de contrase\u00f1a a trav\u00e9s de una solicitud manipulada."}], "id": "CVE-2024-26470", "lastModified": "2025-04-30T16:52:55.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-29T01:44:18.927", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/fullstackhero/dotnet-webapi-boilerplate"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Product"], "url": "https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/fullstackhero/dotnet-webapi-boilerplate"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Product"], "url": "https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}