CVE-2017-5537

Published: Mar 15, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079

x_refsource_CONFIRM

[oss-security] 20170118 CVE request Weblate: information disclosure in password reset form

mailing-list

x_refsource_MLIST

https://github.com/WeblateOrg/weblate/issues/1317

x_refsource_CONFIRM

[oss-security] 20170119 Re: CVE request Weblate: information disclosure in password reset form

mailing-list

x_refsource_MLIST

95676

vdb-entry

x_refsource_BID

https://github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-5537

Description

Affected Products

References