CVE-2024-45522 is a critical security vulnerability identified in the Linen web application, specifically in the password reset functionality implemented in the create function within apps/web/pages/api/forgot-password/index.ts. The core issue is the lack of domain verification when processing password reset requests. The application does not confirm that the domain initiating the reset is either linen.dev or www.linen.dev, which violates proper access control (CWE-284). This omission allows an attacker to craft password reset requests from unauthorized domains, potentially enabling unauthorized password resets without requiring authentication or user interaction. The vulnerability is remotely exploitable over the network (AV:N), requires no privileges (PR:N), and no user interaction (UI:N), making it highly accessible to attackers. The impact is severe, compromising confidentiality and integrity by enabling attackers to reset passwords and potentially take over user accounts. Although no known exploits are reported in the wild yet, the high CVSS score of 9.1 reflects the critical nature of this flaw. The vulnerability affects all versions of Linen before the fix identified by commit cd37c3e. The absence of patch links suggests that remediation is either pending or must be manually implemented by verifying domain constraints in the password reset workflow.

The vulnerability poses a significant risk to organizations using the Linen web application or any service relying on its password reset mechanism. Exploitation could lead to unauthorized password resets, allowing attackers to hijack user accounts, access sensitive personal or corporate data, and potentially escalate privileges within the affected systems. This compromises user confidentiality and data integrity, undermining trust in the service. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the threat landscape. Organizations could face data breaches, regulatory penalties, and reputational damage. Additionally, attackers could leverage compromised accounts to conduct further attacks such as phishing, fraud, or lateral movement within networks. The widespread use of web applications and password reset functionalities means the scope of affected systems could be broad, especially if Linen is integrated into larger platforms or services.

To mitigate this vulnerability, organizations should immediately implement strict domain validation checks in the password reset workflow to ensure that only requests originating from linen.dev or www.linen.dev are processed. This can be done by validating the HTTP Referer header, enforcing server-side domain checks, or implementing token-based verification tied to legitimate domain requests. Additionally, applying the patch identified by commit cd37c3e or updating to a fixed version of Linen is critical once available. Monitoring password reset logs for unusual patterns or spikes in reset requests can help detect exploitation attempts early. Employing multi-factor authentication (MFA) can reduce the impact of compromised accounts. Security teams should conduct thorough code reviews of authentication and password reset mechanisms to identify similar domain validation issues. Finally, educating users about phishing risks and encouraging strong, unique passwords can further reduce risk.