exploitDog

GHSA-f8pq-r7mv-pvxm

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.

Ссылки

EPSS

Процентиль: 54%

0.00316

Низкий

CVE ID

Дефекты

CWE-203

Связанные уязвимости

CVE-2020-9389

CVSS3: 3.7

nvd

около 5 лет назад

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.

EPSS

Процентиль: 54%

0.00316

Низкий

CVE ID

Дефекты

CWE-203