CVE-2024-54002 Dependency-Track allows enumeration of managed users via /api/v1/user/login endpoint
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes significantly longer than performing the same...