Описание
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
Ссылки
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.9 (включая) до 0.83.8 (включая)
cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00277
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
CVSS3: 5.3
github
около 4 лет назад
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
EPSS
Процентиль: 51%
0.00277
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203