CVE-2022-34623

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-34623
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32425. Reason: This candidate is a duplicate of CVE-2022-32425. Notes: All CVE users should reference CVE-2022-32425 instead of this candidate.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

07 May 2024, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://cwe.mitre.org/data/definitions/204.html', 'tags': ['Third Party Advisory'], 'source': 'cve@mitre.org'}
  • {'url': 'https://docs.mealie.io/changelog/v0.5.6/', 'tags': ['Release Notes', 'Third Party Advisory'], 'source': 'cve@mitre.org'}
  • {'url': 'https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/', 'tags': ['Third Party Advisory'], 'source': 'cve@mitre.org'}
  • {'url': 'https://hub.docker.com/r/hkotel/mealie', 'tags': ['Product', 'Third Party Advisory'], 'source': 'cve@mitre.org'}
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : unknown
CPE cpe:2.3:a:mealie:mealie:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mealie:mealie:1.0.0:beta3:*:*:*:*:*:*
Summary
  • (es) Mealie versión 1.0.0beta3, es vulnerable a la enumeración de usuarios por medio de la discrepancia de respuesta de tiempo entre usuarios y no usuarios cuando es mostrado un mensaje de contraseña no válida durante un intento de autenticación.
Summary (en) Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt. (en) Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32425. Reason: This candidate is a duplicate of CVE-2022-32425. Notes: All CVE users should reference CVE-2022-32425 instead of this candidate.
CWE CWE-203

23 Aug 2022, 17:54

Type Values Removed Values Added
CPE cpe:2.3:a:mealie:mealie:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:mealie:mealie:0.5.5:*:*:*:*:*:*:*
CWE CWE-203
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
References (MISC) https://hub.docker.com/r/hkotel/mealie - (MISC) https://hub.docker.com/r/hkotel/mealie - Product, Third Party Advisory
References (MISC) https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/ - (MISC) https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/ - Third Party Advisory
References (MISC) https://cwe.mitre.org/data/definitions/204.html - (MISC) https://cwe.mitre.org/data/definitions/204.html - Third Party Advisory
References (MISC) https://docs.mealie.io/changelog/v0.5.6/ - (MISC) https://docs.mealie.io/changelog/v0.5.6/ - Release Notes, Third Party Advisory

19 Aug 2022, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-08-19 14:15

Updated : 2024-05-07 18:15

NVD link : CVE-2022-34623

Mitre link : CVE-2022-34623

CVE.ORG link : CVE-2022-34623

JSON object : View

Products Affected

No product.

CWE

No CWE.