What the vulnerability does
01Description
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
CVE-2022-32741
MEDIUM
CVE-2022-32741: Information disclosure in Request New Password feature
CVSS base score
5.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
June 13, 2022
CVE published
September 16, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-41120 Unauthorized access to Credit card form in sylius/paypal-plugin
CVE-2024-7411 Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure
CVE-2024-25114 Sensitive Information Disclosure (JailID) to users in Collabora Online
CVE-2019-6850
CVE-2022-32751 IBM Security Verify Directory information disclosure
