Nocodb · Nocodb · CVE-2026-28358
**Name of the Vulnerable Software and Affected Versions**
NocoDB versions prior to 0.301.3
**Description**
NocoDB is software for building databases as spreadsheets. The forgot-password endpoint returns different responses for registered and unregistered emails, which allows user enumeration. The affected API endpoint is `/forgot-password`, and the request parameter involved is `email`.
**Recommendations**
Update to version 0.301.3 or later.
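The response difference described above, shown as an added example that is not NocoDB's code: a leaky handler beside a uniform one, plus a regression check that compares the two responses. The handler names, messages, status codes and sample account are hypothetical.

```javascript
// Added example: hypothetical handlers, not taken from NocoDB.
const crypto = require('crypto');

// Constructed sample data: one registered account and an in-memory mail queue.
const users = new Map([['alice@example.com', { id: 1 }]]);
const outbox = [];

function issueResetToken(email) {
  const token = crypto.randomBytes(32).toString('hex');
  outbox.push({ to: email, token });
}

// Pattern the advisory describes: the response reveals whether the email exists.
function forgotPasswordLeaky(email) {
  if (!users.has(email)) {
    return { status: 400, body: { msg: 'Email is not registered.' } };
  }
  issueResetToken(email);
  return { status: 200, body: { msg: 'Reset link sent.' } };
}

// Hardened pattern: identical status and body in both cases.
// The reset mail is the only thing that differs, and the caller cannot see it.
function forgotPasswordUniform(email) {
  if (users.has(email)) issueResetToken(email);
  return {
    status: 200,
    body: { msg: 'If the address is registered, a reset link has been sent.' },
  };
}

// Regression check: true when the response alone separates the two cases.
function distinguishable(handler, registered, unregistered) {
  const a = handler(registered);
  const b = handler(unregistered);
  return a.status !== b.status ||
    JSON.stringify(a.body) !== JSON.stringify(b.body);
}

console.log('leaky handler distinguishable:',
  distinguishable(forgotPasswordLeaky, 'alice@example.com', 'nobody@example.com'));
console.log('uniform handler distinguishable:',
  distinguishable(forgotPasswordUniform, 'alice@example.com', 'nobody@example.com'));
```

The check only compares status and body; queueing the reset mail asynchronously keeps response time from becoming a second signal.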