CRITICAL🇵🇱 Wersja polska

CVE-2025-43932

CVSS 9.8v3.1pub. 2025-07-07upd. 2026-04-15

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

🤖 AI Analysis
How it works

The application does not have the SERVER_NAME variable configured, so it uses the HTTP Host header value provided by the client to generate the password reset link. An attacker can send a password reset request for a selected account while specifying their own server in the Host header. As a result, the password reset link is generated with a domain controlled by the attacker and sent to the victim's email address. If the victim clicks on such a link, the reset token goes to the attacker, who can use it to set a new password and take over the account.

Impact

An attacker can fully take over any user account in the application, gaining unauthorized access to data and functions assigned to that account (CWE-640: weak password recovery mechanism).

Mitigation & patch

Apply patches available from the vendor according to the references. As a workaround, configure the SERVER_NAME variable in the application so that generated password reset links always use a trusted, defined domain instead of the HTTP Host header value provided by the client.

Who is affected

JobCenter up to and including commit 7e7b0b2 (repository github.com/guomaoqiu/JobCenter)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References