2 matches found
CVE-2022-22120
CVE-2022-22120 affects NocoDB versions 0.9 to 0.83.8. The vulnerability is an observable discrepancy in the password-reset flow that discloses whether an email is registered, enabling attacker-controlled enumeration of user email addresses. The description in the connected documents aligns on a u...
CVE-2022-22120 NocoDB - Observable Discrepancy in the password-reset feature
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...