Mealie1.0.0beta3 is vulnerable to user enumeration via... · CVE-2022-34623 · GitHub Advisory Database · GitHub

Mealie1.0.0beta3 is vulnerable to user enumeration via...

Moderate severity Unreviewed Published Aug 20, 2022 to the GitHub Advisory Database • Updated May 7, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt.

References

Published by the National Vulnerability Database

Aug 19, 2022

Published to the GitHub Advisory Database Aug 20, 2022

Last updated May 7, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N