PT-2023-23273 · Unknown · Serenity Serene+1
Fabian Densborn
·
Published
2023-04-27
·
Updated
2025-01-31
·
CVE-2023-31286
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Serenity Serene versions prior to 6.7.0
StartSharp versions prior to 6.7.0
Description
An issue was discovered where the server response to a password reset request leaks the existence of users. If a password reset is attempted for a non-existent user, the error message indicates that the user does not exist.
Recommendations
For Serenity Serene versions prior to 6.7.0, update to version 6.7.0 or later to resolve the issue.
For StartSharp versions prior to 6.7.0, update to version 6.7.0 or later to resolve the issue.
Exploit
Fix
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Serenity Serene
Startsharp