Medium severity 5.3 · NVD Advisory · Published Mar 15, 2017 · Updated Jun 17, 2026
CVE-2017-5537
Description
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| weblate (PyPI) | < 2.10.1 | 2.10.1 |
References
- www.openwall.com/lists/oss-security/2017/01/18/11 (nvd: Mailing List, Patch, WEB)
- www.openwall.com/lists/oss-security/2017/01/20/1 (nvd: Mailing List, Patch, WEB)
- github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst (nvd: Patch, Release Notes, WEB)
- github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079 (nvd: Patch, WEB)
- github.com/WeblateOrg/weblate/issues/1317 (nvd: Issue Tracking, Patch, WEB)
- www.securityfocus.com/bid/95676 (nvd: Third Party Advisory, VDB Entry, WEB)
- github.com/advisories/GHSA-j24g-gm76-j829 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-5537 (ghsa: ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2017-42.yaml (ghsa: WEB)