Vulnerabilities > CVE-2019-16669 - Information Exposure Through Discrepancy vulnerability in Pagekit 1.0.17

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

pagekit

CWE-203

NVD

Published: 2019-09-21

Updated: 2019-09-23

Summary

The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.

Vulnerable Configurations

Part	Description	Count
Application	Pagekit Pagekit Pagekit 1.0.17	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://github.com/pagekit/pagekit/issues/935