cvedb.io
CVE-2022-22120
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2022-01-10T16:15:10.180 · Last modified 2026-06-17T04:27:48.070

Summary

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.

Affected products

nocodb — nocodb

Does this affect you?

Add your gear to cvedb and we'll alert you only when nocodb ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.