CVE-2019-25338

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-25338
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25338.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-25338
Downstream
Published
2026-02-12T23:16:07.670Z
Modified
2026-03-10T22:44:32.051703Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

References

Affected packages

Git / github.com/splitbrain/dokuwiki

Affected ranges

Type
GIT
Repo
https://github.com/splitbrain/dokuwiki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
504b44a4c7fde212be653fc640f1685318449287
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2018-04-22b"
        }
    ]
}

Affected versions

Other
release-2005-07-01
release-2005-07-13
release-2005-09-19
release-2005-09-22
release-2006-03-05
release-2006-03-09
release-2006-09-28rc
release-2006-10-08rc
release-2006-10-19rc
release-2006-11-06
release-2007-05-24rc
release-2007-06-26
release-2008-03-31rc
release-2008-04-11rc
release-2008-05-04
release-2008-05-05
release-2009-01-26rc
release-2009-01-30rc
release-2009-02-06rc
release-2009-02-14
release-2009-12-02rc
release-2009-12-25
release-2010-10-07rc
release-2010-10-27rc
release-2010-11-07
release-2010-11-07a
release-2011-11-10rc
release-2011_05_25
release-2011_05_25a
release-2012-01-25
release-2012-01-25b
release-2012-10-13
release-2012_09_10rc
release-2013-05-10
release-2013-05-10a
release-2013-10-28rc
release-2013-11-18rc
release-2013-12-08
release-2013_03_06rc
release-2014-05-05
release-2014-05-05a
release-2014-09-29
release-2014-09-29a
release-2014_09_29b
release-2014_09_29c
release-2014_09_29d
release-2015-08-10
release-2015-08-10a
release-2016-06-26
release-2016-06-26a
release-2017-02-19
release-2017-02-19a
release-2017-02-19b
release-2017-02-19c
release-2017-02-19d
release-2017-02-19e
release-2018-04-22
release-2018-04-22a
release-2018-04-22b
release-2018-04-22c

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25338.json"