5 matches found
CVE-2023-41885
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...
CVE-2023-41885
CVE-2023-41885 affects Piccolo ORM. The BaseUser.login implementation leaks timing information, enabling malicious users to enumerate valid usernames (time-based user enumeration). Affected: versions before 0.121.0; fixed in 0.121.0. Impact is information disclosure and potential follow-on attack...
CVE-2023-41885 Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...
CVE-2023-41885 Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...
CVE-2023-41885
creationtimestamp| type| source ---|---|--- 2023-09-11 21:17:28+00:00| published-proof-of-concept| https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-h7cm-mrvq-wcfr 2023-09-13 00:23:20+00:00| seen| https://t.me/cibsecurity/70354...