Lucene search
Veracode Vulnerability DatabaseVERACODE:34228HistoryFeb 15, 2022 - 7:29 a.m.
Information Disclosure
2022-02-1507:29:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
information disclosure
password reset
remote attacker
user enumeration
brute-force attack
user credentials
EPSS
0.001
Percentile
31.8%
snipe/snipe-it is vulnerable to information disclosure. A remote unauthenticated attacker is able to enumerate users through the response message in the password reset page to figure out on which email address to try a password brute-force attack and gain access to user credentials.
Related
huntr
huntr
Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it
2022-02-11 23:41:50
cnvd
cnvd
Snipe-IT Information Disclosure Vulnerability
2022-02-16 00:00:00
osv
osv
CVE-2022-0569
2022-02-14 12:15:22
Exposure of Sensitive Information in snipe/snipe-it
2022-02-15 00:02:47
nvd
nvd
CVE-2022-0569
2022-02-14 12:15:22
cve
cve
CVE-2022-0569
2022-02-14 12:15:22
github
github
Exposure of Sensitive Information in snipe/snipe-it
2022-02-15 00:02:47
prion
prion
Buffer overflow
2022-02-14 12:15:00
cvelist
cvelist
CVE-2022-0569 Observable Discrepancy in snipe/snipe-it
2022-02-12 23:55:09