2 matches found
CVE-2022-39314 User enumeration in the code-based login and password reset forms
Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the code or password-reset auth method with the...
CVE-2022-39314
CVE-2022-39314 affects Kirby (flat-file CMS) where the login URL paths for code-based login and password reset can be abused to enumerate valid users due to improper restriction of excessive authentication attempts. The issue occurs in Kirby versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1....