CVE-2024-39211

Medium

Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a…

mitre·CWE-204·Published 2024-07-04

CVSS

5.3

EPSS

0.01

KEV

Exploits

cve.orgen

180 chars

Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists.

NVDen

180 chars

Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists.

Kaiten 57.128.8 permite a atacantes remotos enumerar cuentas de usuario a través de una solicitud POST manipulada, porque una respuesta de inicio de sesión contiene un campo user_email sólo si la cuenta de usuario existe.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N