CVE-2024-22646
5.3 MEDIUM (CVSS 3.1), EPSS 0.35%
Description
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.
How to fix CVE-2024-22646
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Bitnami/seopanel: no fix listed
Is CVE-2024-22646 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 4.10.0, <= 4.10.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |