CVE-2022-22120
First published: Mon Jan 10 2022(Updated: )
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
Credit: vulnerabilitylab@mend.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xgenecloud Nocodb | >=0.9<=0.83.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-22120?
CVE-2022-22120 is a vulnerability in NocoDB versions 0.9 to 0.83.8 that allows attackers to enumerate registered email addresses through the password reset feature.
How does CVE-2022-22120 affect NocoDB?
CVE-2022-22120 affects NocoDB versions 0.9 to 0.83.8 by allowing attackers to exploit an observable discrepancy in the password reset feature and enumerate registered email addresses.
What is the severity of CVE-2022-22120?
The severity of CVE-2022-22120 is medium, with a severity value of 5.3.
How can I fix CVE-2022-22120 in NocoDB?
To fix CVE-2022-22120 in NocoDB, you should update to a version beyond 0.83.8, which includes the security fix.
Where can I find more information about CVE-2022-22120?
You can find more information about CVE-2022-22120 on the official NocoDB GitHub repository and the WhiteSource Vulnerability Database.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- vendor/xgenecloud
- canonical/xgenecloud nocodb
- version/xgenecloud nocodb/0.9
- version/xgenecloud nocodb/0.83.8