First published: Mon Jan 10 2022
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
Credit: vulnerabilitylab@mend.io
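The discrepancy described above, shown as an added example in JavaScript (this is not NocoDB's own code): a minimal password-reset request handler in the vulnerable shape beside a hardened form that returns the same response whether or not the address is registered. The user store, mailer stub and handler names are assumptions constructed for the example.

```javascript
// Added example (not NocoDB's code): vulnerable vs. hardened reset handler.
// Constructed stand-ins for the user table and the outgoing mailer.
const users = new Map([['alice@example.com', { id: 1 }]]); // constructed sample data
const sentResets = []; // records every address the mailer would have sent to

function sendResetMail(email) {
  sentResets.push(email);
}

// Vulnerable: the status and message differ depending on whether the address
// exists, so an unauthenticated caller can distinguish registered addresses.
function requestResetVulnerable(email) {
  const user = users.get(email);
  if (!user) {
    return { status: 400, body: { msg: 'Email not registered' } };
  }
  sendResetMail(email);
  return { status: 200, body: { msg: 'Check your email for the reset link' } };
}

// Hardened: identical status and message either way. The lookup and the mail
// send still happen, but their outcome never influences what is returned.
function requestResetHardened(email) {
  const user = users.get(email);
  if (user) {
    sendResetMail(email);
  }
  return {
    status: 200,
    body: { msg: 'If that address is registered, a reset link has been sent' },
  };
}

// Regression check a defender can keep in the test suite: a handler leaks
// registration state if its response differs between a known and an unknown
// address.
function leaksRegistration(handler) {
  const known = handler('alice@example.com');
  const unknown = handler('nobody@example.com');
  return JSON.stringify(known) !== JSON.stringify(unknown);
}
```

The hardened form still sends mail only to registered addresses; it simply stops the response from revealing which case occurred.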
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xgenecloud Nocodb | >=0.9, <=0.83.8 | |
CVE-2022-22120 is a vulnerability in NocoDB versions 0.9 to 0.83.8 that allows attackers to enumerate registered email addresses through the password reset feature.
CVE-2022-22120 affects NocoDB versions 0.9 to 0.83.8 by allowing attackers to exploit an observable discrepancy in the password reset feature and enumerate registered email addresses.
The severity of CVE-2022-22120 is medium, with a score of 5.3.
To fix CVE-2022-22120 in NocoDB, you should update to a version beyond 0.83.8, which includes the security fix.
You can find more information about CVE-2022-22120 on the official NocoDB GitHub repository and the WhiteSource Vulnerability Database.