3 matches found
CVE-2022-24784
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...
CVE-2022-24784 Discoverability of user password hash in Statamic CMS
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...
CVE-2022-24784
CVE-2022-24784 affects the Statamic CMS (Laravel/Git powered). Before versions 3.2.39 and 3.3.2, an attacker could confirm a single character of a user’s password hash by sending crafted requests to the REST API’s users endpoint using a regular expression filter. Repeated requests could gradually...