4 matches found
CVE-2022-44381
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...
CVE-2022-44381
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...
CVE-2022-44381
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...
CVE-2022-44381
Snipe-IT (open source IT asset/license management) up to version 6.0.14 is affected. The vulnerability arises from response variations in the /password/reset endpoint that allow an attacker to determine whether a given user account exists (user enumeration). Impact is limited to information discl...