Very simple to exploit: an attacker can receive the password reset email for any known user with any email address.
PoC is public and available. Please patch ASAP. You are not affected if you've enforced MFA for all users (as they will be able to reset the password but can't log in).
Nuclei Template Editor - AI-powered hub to create, debug, scan, and store templates. Covering a wide array of vulnerabilities using public templates & rich CVE data.
📝 Note:
Current focus is HTTP, more protocols coming soon
@GossiTheDog nice! I feel like it was good timing for us to move from #Nessus to #Nuclei for our automated network-wide scans last week.
It’s been great to see just how agile the community behind Nuclei is. Nessus never felt like that, probably due to the poorer onboarding experience for users and developers alike.