CVE-2017-5537

EPSS 0.54%
Veröffentlicht 15.03.2017 15:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Weblate ≫ Weblate Version <= 2.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.668

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2017/01/18/11

Patch

Mailing List

http://www.openwall.com/lists/oss-security/2017/01/20/1

Patch

Mailing List

http://www.securityfocus.com/bid/95676

Third Party Advisory

VDB Entry

https://github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst

Patch

Release Notes

https://github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079

Patch

https://github.com/WeblateOrg/weblate/issues/1317

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-5537

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5537

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5537

EUVD