Permalink
CVE-2019-25338
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
3 packages
- python312Packages.dokuwiki
- python313Packages.dokuwiki
- python314Packages.dokuwiki
- @LeSuisse dismissed
Dokuwiki 2018-04-22b - Username Enumeration
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.
References
- ExploitDB-47731 exploit
- DokuWiki Official Homepage product
- DokuWiki Download Page product
- VulnCheck Advisory: Dokuwiki 2018-04-22b - Username Enumeration third-party-advisory
- ExploitDB-47731 exploit
- DokuWiki Official Homepage product
- DokuWiki Download Page product
- VulnCheck Advisory: Dokuwiki 2018-04-22b - Username Enumeration third-party-advisory
Affected products
Dokuwiki
- ==2018-04-22b "Greebo"
Matching in nixpkgs
pkgs.dokuwiki
Simple to use and highly versatile Open Source wiki software that doesn't require a database
-
nixos-unstable 2025-05-14b
- nixpkgs-unstable 2025-05-14b
- nixos-unstable-small 2025-05-14b
-
nixos-25.11 2025-05-14b
- nixos-25.11-small 2025-05-14b
- nixpkgs-25.11-darwin 2025-05-14b
Package maintainers
-
@1000101 Jan Hrnko <b1000101@pm.me>
-
@e1mo Nina Fromm <nixpkgs@e1mo.de>