| |
Vulnerability CVE-2023-31286
Published: 2023-04-27
Description: |
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. |
See advisories in our WLB2 database: | Topic | Author | Date |
High |
| Fabian Densborn | 30.05.2023 |
References: |
https://github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823a6e48d2
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|