Vulnerabilities > Mealie

DATE	CVE	VULNERABILITY TITLE	RISK
2022-08-19	CVE-2022-34615	Weak Password Requirements vulnerability in Mealie 0.5.5/1.0.0 Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. network low complexity mealie CWE-521 critical	9.8
2022-08-19	CVE-2022-34621	Authorization Bypass Through User-Controlled Key vulnerability in Mealie 0.5.5/1.0.0 Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter. network low complexity mealie CWE-639	6.5
2022-08-19	CVE-2022-34624	Insufficient Session Expiration vulnerability in Mealie 0.5.5/1.0.0 Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. network high complexity mealie CWE-613	5.9
2022-07-14	CVE-2022-32425	Information Exposure Through Discrepancy vulnerability in Mealie 1.0.0 The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time. network low complexity mealie CWE-203	5.3

Vulnerabilities > Mealie {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mealie"}]}