Enhancement: cves/2023/CVE-2023-24044.yaml by md

cves/2023/CVE-2023-24044.yaml

@@ -1,16 +1,16 @@
 id: CVE-2023-24044
 
 info:
-  name: Plesk Obsidian - Host Header Injection
+  name: Plesk Obsidian <=180.49 - Open Redirect
   author: pikpikcu
   severity: medium
   description: |
-    A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.
+    Plesk Obsidian through 180.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2023-24044
     - https://portswigger.net/web-security/host-header/exploiting
     - https://medium.com/@jetnipat.tho/cve-2023-24044-10e48ab940d8
     - https://gist.github.com/TJetnipat/02b3854543b7ec95d54a8de811f2e8ae
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-24044
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -40,3 +40,5 @@ requests:
       - type: status
         status:
           - 303
+
+# Enhanced by md on 2023/04/10