CVE-2022-34530

Source
https://cve.org/CVERecord?id=CVE-2022-34530
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34530.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-34530
Published
2022-08-01T19:24:37Z
Modified
2026-07-08T06:01:20.660268Z
Summary
[none]
Details

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/34xxx/CVE-2022-34530.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/backdrop/backdrop

Affected ranges

Type
GIT
Repo
https://github.com/backdrop/backdrop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.22.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.1.0
1.10.0
1.11.0
1.13.0-preview
1.14.0
1.14.0-preview
1.15.0
1.15.0-preview
1.16.0
1.16.0-preview
1.17.0
1.17.0-preview
1.18.0
1.18.0-preview
1.19.0
1.19.0-preview
1.2.0
1.20.0
1.20.0-preview
1.21.0
1.21.0-preview
1.22.0
1.22.0-preview
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.1
1.4.2
1.4.3
1.5.0
1.5.1
1.6.0
1.7.0
1.7.0-preview
v1.*
v1.0.0
v1.0.0-preview
v1.0.1
v1.0.2
v1.0.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34530.json"