Vulnerability Description
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
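The discrepancy described above is easiest to see side by side: a reset handler that answers differently for unknown addresses, next to one that returns the same status and message either way. This is an added illustration and not NocoDB's code; the user store, handler names and messages are constructed for the example.

```python
"""Observable discrepancy in a password-reset endpoint, and the uniform-response fix.

Added example; not NocoDB's code. REGISTERED_USERS, MailLog and the handler
names are constructed for this illustration.
"""
import secrets
from dataclasses import dataclass, field

# Constructed sample user store (not real data): set of registered e-mail addresses
REGISTERED_USERS = {"alice@example.com", "bob@example.com"}


@dataclass
class ResetResponse:
    status: int
    message: str


@dataclass
class MailLog:
    """Stand-in for the outgoing mail queue; records (recipient, token) pairs."""
    sent: list = field(default_factory=list)


def reset_vulnerable(email: str, mail: MailLog) -> ResetResponse:
    """Vulnerable pattern: the HTTP response reveals whether the address is registered."""
    if email not in REGISTERED_USERS:
        return ResetResponse(400, "No account registered for this email address")
    token = secrets.token_urlsafe(32)
    mail.sent.append((email, token))
    return ResetResponse(200, "Password reset email sent")


GENERIC_MESSAGE = "If an account exists for that address, a reset email has been sent"


def reset_hardened(email: str, mail: MailLog) -> ResetResponse:
    """Hardened pattern: identical status and body regardless of registration.

    The reset mail is still only sent to registered addresses, so the only
    party who learns anything is the mailbox owner.
    """
    if email in REGISTERED_USERS:
        token = secrets.token_urlsafe(32)
        mail.sent.append((email, token))
    else:
        # Do equivalent work on the unknown path so response time does not
        # become a second, subtler discrepancy.
        secrets.token_urlsafe(32)
    return ResetResponse(200, GENERIC_MESSAGE)


def responses_distinguishable(handler, known_email: str, unknown_email: str) -> bool:
    """True if an unauthenticated caller can tell a registered address from an unknown one
    by comparing the two responses (status code and message)."""
    mail = MailLog()
    a = handler(known_email, mail)
    b = handler(unknown_email, mail)
    return (a.status, a.message) != (b.status, b.message)


if __name__ == "__main__":
    for h in (reset_vulnerable, reset_hardened):
        leak = responses_distinguishable(h, "alice@example.com", "nobody@example.com")
        print(f"{h.__name__}: distinguishable={leak}")
```

The `responses_distinguishable` check is the test a reviewer can apply to any reset, signup or login endpoint: call it once with a known-good address and once with a random one, and diff status, body and headers. Uniform responses remove the oracle; per-IP and per-address rate limiting on the endpoint limits how far a remaining side channel such as timing can be pushed.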
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nocodb | Nocodb | >= 0.9, <= 0.83.8 |
Related Weaknesses (CWE)
References
- https://github.com/nocodb/nocodb/commit/f46e89b0 (Patch, Third Party Advisory)
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22120 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-22120?
CVE-2022-22120 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error ...
How severe is CVE-2022-22120?
CVE-2022-22120 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22120?
Check the references section above for vendor advisories and patch information. Affected products include: Nocodb Nocodb.