Vulnerabilities > CVE-2022-44381

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2022-12-25

Updated: 2022-12-30

Summary

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.