CVE-2024-45980 identifies a host header injection vulnerability in MEANStore version 1.0. The vulnerability arises because the application improperly trusts the Host HTTP header during the password reset process. An attacker can craft a malicious password reset link containing a manipulated Host header. When a legitimate user interacts with this link, the application generates a password reset token that is exposed or leaked due to the injected header. This token can then be captured by the attacker, who can use it to reset the victim's password without authorization. The vulnerability falls under CWE-640 (Weak Password Recovery Mechanism), indicating that the password reset process lacks sufficient validation and security controls. The CVSS 3.1 base score is 8.8 (high), reflecting the network attack vector, low attack complexity, no privileges required, but requiring user interaction. The impact includes full compromise of user accounts, affecting confidentiality, integrity, and availability. No patches or fixes are currently linked, and no known exploits have been reported in the wild as of the publication date.

The exploitation of this vulnerability can lead to complete account takeover for users of MEANStore 1.0, allowing attackers to reset passwords and gain unauthorized access to sensitive user data and functionality. This compromises user confidentiality and integrity, as attackers can impersonate victims and potentially escalate privileges within the application. The availability of user accounts may also be affected if attackers lock out legitimate users by changing passwords. For organizations, this can result in data breaches, loss of customer trust, regulatory penalties, and operational disruption. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to lure victims into clicking malicious links, increasing the risk of widespread exploitation. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as public disclosure may prompt attackers to develop exploits.

Organizations using MEANStore 1.0 should immediately audit their password reset workflows to ensure that Host headers are strictly validated against a whitelist of trusted domains and not directly used to generate password reset tokens or URLs. Implement server-side validation to reject requests with suspicious or unexpected Host headers. Employ additional security controls such as multi-factor authentication (MFA) for password resets to reduce the impact of token compromise. Monitor logs for unusual password reset requests and user activity indicative of account takeover attempts. Educate users about phishing risks and encourage caution when clicking on password reset links. Developers should update MEANStore to a patched version once available or apply custom patches to sanitize input headers. Additionally, consider implementing rate limiting on password reset requests to mitigate automated abuse.