CVE-2017-5537

EPSS 2.29%
Veröffentlicht 15.03.2017 15:59:00
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Weblate ≫ Weblate Version <= 2.10

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.29%	0.809

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2017/01/18/11

Patch

Mailing List

http://www.openwall.com/lists/oss-security/2017/01/20/1

Patch

Mailing List

http://www.securityfocus.com/bid/95676

Third Party Advisory

VDB Entry

https://github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst

Patch

Release Notes

https://github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079

Patch

https://github.com/WeblateOrg/weblate/issues/1317

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-5537

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5537

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5537

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-5537