CVE-2023-48205

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 7, 2023

Updated: Dec 11, 2023

CWE ID 74

Summary

CVE-2023-48205 is a vulnerability affecting the Jorani Leave Management System version 1.0.2. An attacker can exploit this issue by spoofing a Host header in password reset emails, potentially leading to phishing attacks and unauthorized account access. This vulnerability poses a significant risk to organizations using the affected software and highlights the importance of keeping software up-to-date with the latest security patches. Users are advised to verify email sender addresses and implement email security measures to mitigate the risk of phishing attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tYovJR
https://www.cve.org/CVERecord?id=CVE-2023-48205
https://nvd.nist.gov/vuln/detail/CVE-2023-48205

Back to Vulnerability Database

CVE-2023-48205

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations