Cerebrate - Username enumeration | Web Application Security Testing

DATE

18.02.2022

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

Cerebrate – Open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as MISP)

Vulnerable version

1.4

Fixed version

1.5

CVSS

5.3 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability details

An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.

Recommendations

Update to Cerebrate version 1.5

CVE

CVE-2022-25320

Credits

Dawid Czarnecki

References

https://github.com/cerebrate-project/cerebrate/commit/88f3cc794486276a1f7e7331adb8ecb2dabd672f
https://nvd.nist.gov/vuln/detail/CVE-2022-25320

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

Have Any Questions?

Cerebrate – Username enumeration

NEED A CONSULTATION?

contact@zigrin.com

GPG Key

Get a free consultation