Headline
GHSA-qqv9-gqh5-7h99: Snipe-IT allows attackers to check whether a user account exists
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
Snipe-IT allows attackers to check whether a user account exists
Moderate severity GitHub Reviewed Published Dec 25, 2022 • Updated Dec 30, 2022
Related news
CVE-2022-44381: CENSUS | IT Security Works
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.