← Retour aux CVEs
CVE-2022-34530
MEDIUM5.3
Description
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
Details CVE
Score CVSS v3.15.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie8/1/2022
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
backdropcms:backdrop_cms
Faiblesses (CWE)
CWE-640
References
http://backdrop.com(cve@mitre.org)
http://backdrop.com(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.