How severe is CVE-2024-6056?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-6056?

This is classified as CWE-204, which is a common weakness in software security.

CVE-2024-6056 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268784. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-9499

MEDIUM

CVSS:5.3(Medium)

Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts an...

CWE-2042016

CVE-2019-19030

MEDIUM

CVSS:5.3(Medium)

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.

CWE-2042019

CVE-2021-20556

MEDIUM

CVSS:5.3(Medium)

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

CWE-2042021

CVE-2021-36201

MEDIUM

CVSS:5.3(Medium)

Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.

CWE-2042021

CVE-2021-38476

MEDIUM

CVSS:5.3(Medium)

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate differe...

CWE-2042021

CVE-2021-39189

MEDIUM

CVSS:5.3(Medium)

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in versio...

CWE-2042021