exploitDog

CVE-2020-14016

Опубликовано: 24 июн. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.

Ссылки

https://blog.sean-wright.com/navigate-cms/
Exploit
Third Party Advisory
https://cwe.mitre.org/data/definitions/204.html
https://blog.sean-wright.com/navigate-cms/
Exploit
Third Party Advisory
https://cwe.mitre.org/data/definitions/204.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:naviwebs:navigate_cms:2.9:r1433:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00393

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-640

Связанные уязвимости

GHSA-pch6-cp5c-rvh9

CVSS3: 5.3

github

больше 3 лет назад

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.

EPSS

Процентиль: 60%

0.00393

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-640