CVE-2022-22120

EUVD-2022-27269
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
MendCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
nocodbnocodb
0.9 ≤
𝑥
≤ 0.83.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nocodb/nocodb/commit/f46e89b0
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22120
https://github.com/nocodb/nocodb/commit/f46e89b0
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22120