Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NocoDB - Observable Discrepancy in the password-reset feature
Vulnerability Description
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过差异性导致的信息暴露
Vulnerability Title
NocoDB 安全漏洞
Vulnerability Description
NocoDb是一个开源 Airtable 替代品。将任何 MySql、PostgreSql、Sql Server、Sqlite 和 MariaDb 转换为智能电子表格。 NocoDB存在安全漏洞,该漏洞源于在NocoDB中,0.9到0.83.8版本在密码重置特性上容易受到Observable Discrepancy的攻击。当请求为给定的电子邮件地址重置密码时,当该电子邮件未在系统中注册时,应用程序将显示一条错误消息。这允许攻击者可利用该漏洞枚举注册用户的电子邮件地址。
CVSS Information
N/A
Vulnerability Type
N/A