PT-2024-28392 · Kaiten · Kaiten

Artemy-Ccrsky · Published 2024-07-04 · Updated 2024-08-22 · CVE-2024-39211

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Kaiten version 57.128.8

Description: The issue allows remote attackers to enumerate user accounts via a crafted POST request. This is possible because the login response contains a user email field only if the user account exists, so the shape of the response reveals whether an account is registered.

Recommendations: For Kaiten version 57.128.8, consider modifying the login response so that it does not include the user email field, or implement additional checks to prevent user account enumeration. As a temporary workaround, restrict access to the login endpoint to minimize the risk of exploitation.
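The following is an added illustration, not Kaiten's code: a hypothetical login handler that mirrors the flawed behaviour described above (the email field appears in a failed-login response only when the account exists) beside a hardened version that returns an identical failure response in both cases, plus the kind of check a defender would run to confirm the fix. The user store, salt and passwords are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data (not real accounts): email -> salted password hash.
_SALT = b"constructed-salt"


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)


USERS = {"alice@example.com": _hash("correct horse")}
# Dummy hash compared against when the account is unknown, so that known and
# unknown accounts take the same code path and roughly the same time.
_DUMMY = _hash("dummy-password")


def login_vulnerable(email: str, password: str) -> dict:
    """Flawed handler: the 'email' key is present only when the account exists."""
    stored = USERS.get(email)
    if stored is None:
        return {"ok": False}
    if not hmac.compare_digest(stored, _hash(password)):
        return {"ok": False, "email": email}  # wrong password, but account confirmed
    return {"ok": True, "email": email}


def login_hardened(email: str, password: str) -> dict:
    """Fixed handler: the same failure response whether or not the account exists."""
    stored = USERS.get(email)
    matches = hmac.compare_digest(stored if stored is not None else _DUMMY,
                                  _hash(password))
    if stored is None or not matches:
        return {"ok": False, "error": "invalid credentials"}
    return {"ok": True, "email": email}


def leaks_account_existence(login, known: str, unknown: str) -> bool:
    """True if a failed login differs in response shape for a known vs unknown account."""
    wrong = "definitely-not-the-password"
    return set(login(known, wrong)) != set(login(unknown, wrong))


if __name__ == "__main__":
    for handler in (login_vulnerable, login_hardened):
        leak = leaks_account_existence(handler, "alice@example.com", "nobody@example.com")
        print(f"{handler.__name__}: leaks account existence = {leak}")
```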

Related Identifiers: CVE-2024-39211

Affected Products: Kaiten