CVE-2022-22120

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-203
View all →

Vulnerability Description

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.

Related Vulnerabilities

CVE-2013-1422

MEDIUM
CVSS:5.3(Medium)

webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").

CWE-2032013

CVE-2014-4156

MEDIUM
CVSS:5.3(Medium)

Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability

CWE-2032014

CVE-2016-9129

MEDIUM
CVSS:5.3(Medium)

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revi...

CWE-2032016

CVE-2017-5107

MEDIUM
CVSS:5.3(Medium)

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a craf...

CWE-2032017

CVE-2017-7006

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows...

CWE-2032017

CVE-2017-8055

MEDIUM
CVSS:5.3(Medium)

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier retur...

CWE-2032017