China National Vulnerability Database (cnvd): CNVD-2022-11176
History: Feb 16, 2022 - 12:00 a.m.

Snipe-IT Information Disclosure Vulnerability

2022-02-16 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
snipe-it
open source
it asset
license management
information disclosure
vulnerability
password reset
email addresses
registered users
brute force

EPSS

0.001

Percentile

31.8%

Snipe-IT is an open source IT asset/license management system. Snipe-IT is affected by an information disclosure vulnerability: the password reset page returns two different responses for unregistered and registered email addresses. An attacker could use this difference to enumerate the email addresses of registered users, which in turn would increase the success rate of brute-force password cracking.
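The response difference described above, next to a uniform-response handler and a regression check for it. This is an added example, not Snipe-IT's code and not part of the CNVD entry; the handler names, message strings and sample addresses are constructed for illustration.

```python
"""Password-reset replies: registration-dependent vs uniform (constructed example)."""
from dataclasses import dataclass, field

# Constructed sample data; not real accounts.
REGISTERED = {"alice@example.com", "bob@example.com"}

@dataclass(frozen=True)
class Response:
    status: int
    body: str

@dataclass
class Mailer:
    """Stand-in for a mail queue so the example runs offline."""
    outbox: list = field(default_factory=list)

    def send_reset(self, email):
        self.outbox.append(email)

def reset_enumerable(email, mailer):
    """Class of behaviour in the advisory: the reply depends on registration."""
    if email.lower() in REGISTERED:
        mailer.send_reset(email)
        return Response(200, "A password reset link has been sent.")
    return Response(422, "No account exists for that e-mail address.")

# One reply for every address (hypothetical wording).
GENERIC = Response(200, "If that address is registered, a reset link has been sent.")

def reset_uniform(email, mailer):
    """Same status and body for every address; only the side effect differs.
    Queueing the mail instead of sending inline also keeps response time uniform."""
    if email.lower() in REGISTERED:
        mailer.send_reset(email)
    return GENERIC

def leaks_registration(handler):
    """Regression check: do a known and an unknown address get different replies?"""
    known = handler("alice@example.com", Mailer())
    unknown = handler("nobody@example.com", Mailer())
    return known != unknown

if __name__ == "__main__":
    print("enumerable handler leaks:", leaks_registration(reset_enumerable))
    print("uniform handler leaks:   ", leaks_registration(reset_uniform))
```

A check like `leaks_registration` fits in an application's test suite so a later change to the reset page cannot reintroduce the distinguishable reply unnoticed.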
