Pwndoc
CVE-2022-44023
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts.
AnalysisAI
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-307. PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. Affected products include: Pwndoc Project Pwndoc. Version information: through 0.5.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
PwnDoc is a penetration test reporting application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary cod
PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control.
PwnDoc is a penetration test report generator. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitabl
PwnDoc is a penetration test reporting application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp
PwnDoc is a penetration test report generator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploita
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings fo
PwnDoc is a penetration test report generator. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploita
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today