exploitDog

CVE-2019-12743

Опубликовано: 29 июл. 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.

Ссылки

https://github.com/chanpu9/CVE/blob/master/2019-12743
Third Party Advisory
https://humhub.org/en/news
Product
Release Notes
https://github.com/chanpu9/CVE/blob/master/2019-12743
Third Party Advisory
https://humhub.org/en/news
Product
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:humhub:social_network_kit:1.3.13:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 47%

0.00244

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-r8ch-45q6-53xj

CVSS3: 5.3

github

больше 3 лет назад

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.

EPSS

Процентиль: 47%

0.00244

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203