[snipe/snipe-it] Snipe-IT allows attackers to check whether a user account exists

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-44381
• https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
• https://github.com/advisories/GHSA-qqv9-gqh5-7h99