PT-2023-23273 · Unknown · Serenity Serene+1

Fabian Densborn

Publicado

2023-04-27

Atualizado

2025-01-31

CVE-2023-31286

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Serenity Serene versions prior to 6.7.0 StartSharp versions prior to 6.7.0

Description An issue was discovered where the server response to a password reset request leaks the existence of users. If a password reset is attempted for a non-existent user, the error message indicates that the user does not exist.

Recommendations For Serenity Serene versions prior to 6.7.0, update to version 6.7.0 or later to resolve the issue. For StartSharp versions prior to 6.7.0, update to version 6.7.0 or later to resolve the issue.

Exploit

Correção

Generation of Error Message Containing Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-209

Identificadores relacionados

CVE-2023-31286

GHSA-W7JM-9X4M-8QC3

Produtos afetados

Serenity Serene

Startsharp

PT-2023-23273 · Unknown · Serenity Serene+1

CVE-2023-31286

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9