What is CVE-2019-16394?

CVE-2019-16394 is a vulnerability in N/a. Published 2019-09-17.

Is CVE-2019-16394 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-16394

SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.

EPSS: 0.567 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1… (x_refsource_MISC)
core.spip.net/issues/4171 (x_refsource_MISC)
zone.spip.net/trac/spip-zone/changeset/117577/spip-zone (x_refsource_MISC)
zone.spip.net/trac/spip-zone/changeset/117578/spip-zone (x_refsource_MISC)
20190925 [SECURITY] [DSA 4532-1] spip security update (mailing-list, x_refsource_BUGTRAQ)
DSA-4532 (vendor-advisory, x_refsource_DEBIAN)
[debian-lts-announce] 20191028 [SECURITY] [DLA 1975-1] spip security update (mailing-list, x_refsource_MLIST)
USN-4536-1 (vendor-advisory, x_refsource_UBUNTU)

Frequently asked questions

What is CVE-2019-16394?: CVE-2019-16394 is a vulnerability in N/a. Published 2019-09-17.
Is CVE-2019-16394 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.