Description
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
| Release | Status | Note |
|---|---|---|
| bionic | released | 3.1.4-4~deb9u3build0.18.04.1 |
| devel | not-affected | 3.2.5-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 3.1.4-4~deb9u3build0.18.04.1 |
| esm-apps/focal | not-affected | 3.2.5-1 |
| esm-apps/jammy | not-affected | 3.2.5-1 |
| esm-apps/noble | not-affected | 3.2.5-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
CVSS2: 5 Medium
CVSS3: 5.3 Medium
Related vulnerabilities
A vulnerability in the SPIP content management system related to disclosure of user information, allowing an attacker to gain unauthorized access to information