CVE-2017-5537

Опубликовано: 15 мар. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.

Ссылки

http://www.openwall.com/lists/oss-security/2017/01/18/11
Mailing List
Patch
http://www.openwall.com/lists/oss-security/2017/01/20/1
Mailing List
Patch
http://www.securityfocus.com/bid/95676
Third Party Advisory
VDB Entry
https://github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst
Patch
Release Notes
https://github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079
Patch
https://github.com/WeblateOrg/weblate/issues/1317
Issue Tracking
Patch
http://www.openwall.com/lists/oss-security/2017/01/18/11
Mailing List
Patch
http://www.openwall.com/lists/oss-security/2017/01/20/1
Mailing List
Patch
http://www.securityfocus.com/bid/95676
Third Party Advisory
VDB Entry
https://github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst
Patch
Release Notes
https://github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079
Patch
https://github.com/WeblateOrg/weblate/issues/1317
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*

Версия до 2.10 (включая)

EPSS

Процентиль: 67%

0.00543

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-5537

CVSS3: 5.3

debian

почти 9 лет назад

The password reset form in Weblate before 2.10.1 provides different er ...

GHSA-j24g-gm76-j829

CVSS3: 5.3

github

больше 3 лет назад

Weblate user account enumeration via reset password form

EPSS

Процентиль: 67%

0.00543

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200