CVE-2020-27687
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.
Learn more about our Cis Benchmark Audit For Server Software.
Learn more about our Cis Benchmark Audit For Server Software.