CVE-2022-44381

Name of the Vulnerable Software and Affected Versions Snipe-IT versions 6.0.14 and earlier

Description The issue allows attackers to determine whether a user account exists due to variations in responses to a "/password/reset" request. This can be exploited by analyzing the different responses received from the system.

Recommendations For Snipe-IT versions 6.0.14 and earlier, as a temporary workaround, consider restricting access to the "/password/reset" endpoint until a patch is available. Additionally, monitor user account activity closely to detect any potential exploitation attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.