GitHub Advisory DatabaseGHSA-8QP8-9RPW-J46CSMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.1%
Impact
A user enumeration attack is possible when SMTP is not setup correctly, but reset password is enabled
Explanation of the vulnerability
Two different error messages was shown, based on if the user exists or not when using the forgot password functionality, when the SMTP was configured but do not response.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| umbraco.cms | ge | 11.0.0 | |
| umbraco.cms | lt | 12.3.4 | |
| umbraco.cms | ge | 9.0.0 | |
| umbraco.cms | lt | 10.8.1 | |
| umbraco.cms | lt | 8.18.10 |
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.1%