CVE-2022-44381

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-44381

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-44381.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-44381

Aliases

GHSA-qqv9-gqh5-7h99

Published

2022-12-25T05:15:11.037Z

Modified

2026-03-13T06:43:23.481230Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.

References

https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/

Affected packages

Git / github.com/snipe/snipe-it

Affected ranges

Type

GIT

Repo

https://github.com/snipe/snipe-it

Events

Introduced

Last affected

66f8ac1cd1bc48561aa7056e90b92db704f88e75

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.14"
        }
    ]
}

Affected versions

3.*

3.2.0

5.*

5.1.7

V5.*

V5.4.0

v3.*

v3.0

v3.0-alpha

v3.0-alpha2

v3.0-beta.1

v3.0-beta.2

v3.0-beta.3

v3.0.0-beta

v3.1.0

v3.3.0

v3.3.0-beta

v3.4

v3.4.0-alpha

v3.4.0-beta

v3.5.0

v3.5.0-beta

v3.5.0-beta2

v3.5.1

v3.5.2

v3.6.0

v3.6.0-pre

v3.6.1

v3.6.1-pre

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

Other

v4-beta3

v4-beta4

v4.*

v4.0

v4.0-alpha

v4.0-alpha-2

v4.0-beta

v4.0-beta2

v4.0-beta5

v4.0-beta6

v4.0.1

v4.0.10

v4.0.11

v4.0.12

v4.0.13

v4.0.14

v4.0.15

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.1.0

v4.1.0-beta

v4.1.0-beta2

v4.1.1

v4.1.10

v4.1.11

v4.1.12

v4.1.13

v4.1.14

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.2.0

v4.3.0

v4.4.0

v4.4.1

v4.5.0

v4.6.0

v4.6.1

v4.6.10

v4.6.11

v4.6.12

v4.6.13

v4.6.14

v4.6.15

v4.6.16

v4.6.17

v4.6.18

v4.6.2

v4.6.3

v4.6.4

v4.6.5

v4.6.6

v4.6.7

v4.6.8

v4.6.9

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.7.4

v4.7.5

v4.7.7

v4.7.8

v4.8.0

v4.9.0

v4.9.1

v4.9.2

v4.9.3

v4.9.4

v4.9.5

v5.*

v5.0.0

v5.0.0-beta-1.0

v5.0.0-beta-1.1

v5.0.0-beta-2

v5.0.0-beta-3.0

v5.0.0-beta-4

v5.0.0-beta-5

v5.0.0-beta-6-GM

v5.0.0-beta-7-GM

v5.0.1

v5.0.10

v5.0.11

v5.0.12

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.1.5

v5.1.6

v5.1.7

v5.1.8

v5.2.0

v5.3.0

v5.3.1

v5.3.10

v5.3.2

v5.3.3

v5.3.4

v5.3.5

v5.3.6

v5.3.7

v5.3.8

v5.3.9

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v6.*

v6.0.0

v6.0.0-GM

v6.0.0-RC-1

v6.0.0-RC-2

v6.0.0-RC-3

v6.0.0-RC-4

v6.0.0-RC-5

v6.0.0-RC-6

v6.0.0-RC-7

v6.0.0-RC-8

v6.0.1

v6.0.10

v6.0.11

v6.0.12

v6.0.13

v6.0.14

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-44381.json"