CVE-2022-22120
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nocodb | nocodb | 0.9 < unspecified | affected |
| nocodb | nocodb | unspecified <= 0.83.8 | affected |
Weaknesses
- CWE-203: CWE-203 Information Exposure Through Discrepancy
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/nocodb/nocodb/commit/f46e89b0
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22120
References
- https://github.com/nocodb/nocodb/commit/f46e89b0
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22120
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.