NocoDB Vulnerable to User Enumeration via Password Reset Endpoint
Summary: The password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. Details: POST /api/v2/auth/password/forgot returned a success message for registered emails but 'Your email has not been registered.' for unknown emails. The fix...
CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Summary: The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details: The password res...
GHSA-654X-9Q7R-G966 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Summary: The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details: The password res...
PT-2026-6376
Summary: The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details: The password res...