Lucene search
China National Vulnerability DatabaseCNVD-2022-11176HistoryFeb 16, 2022 - 12:00 a.m.
Snipe-IT Information Disclosure Vulnerability
2022-02-1600:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.001 Low
EPSS
Percentile
30.0%
Snipe-IT is an open source IT asset/license management system. snipe-it suffers from an information disclosure vulnerability that stems from the existence of two different responses for unregistered and registered email addresses in the password reset page. An attacker could use this vulnerability to enumerate the email addresses of registered users, which in turn would increase the success rate of brute force password cracking.
| CPE | Name | Operator | Version |
|---|---|---|---|
| snipe-it snipe-it | lt | 5.3.9 |
Related
cve
cve
CVE-2022-0569
2022-02-14 12:15:22
osv
osv
CVE-2022-0569
2022-02-14 12:15:22
Exposure of Sensitive Information in snipe/snipe-it
2022-02-15 00:02:47
nvd
nvd
CVE-2022-0569
2022-02-14 12:15:22
huntr
huntr
Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it
2022-02-11 23:41:50
veracode
veracode
Information Disclosure
2022-02-15 07:29:02
github
github
Exposure of Sensitive Information in snipe/snipe-it
2022-02-15 00:02:47
prion
prion
Buffer overflow
2022-02-14 12:15:00
cvelist
cvelist
CVE-2022-0569 Observable Discrepancy in snipe/snipe-it
2022-02-12 23:55:09