CVE-2022-23172

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description An attacker can access the "Forgot my password" button to verify which users are in the system and which are not. By entering a valid user, the system issues a message that a password reset email has been sent to the user, thus allowing the attacker to determine the existence of specific users within the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.