First published: Thu Jun 06 2019(Updated: )
MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mybb Mybb | =1.18.19 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3579 is a vulnerability in MyBB 1.8.19 that allows remote attackers to obtain sensitive information by disclosing the username in a password-reset request without the code parameter.
CVE-2019-3579 affects MyBB version 1.8.19, allowing remote attackers to obtain sensitive information.
CVE-2019-3579 has a severity rating of medium, with a severity value of 5.3.
To fix CVE-2019-3579, you should update MyBB to version 1.8.20 or later, which was released as a security maintenance release.
You can find more information about CVE-2019-3579 on the MyBB blog at https://blog.mybb.com/ and specifically at https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/.