Moderate severityNVD Advisory· Published Apr 27, 2023· Updated Feb 13, 2025
CVE-2023-31286
CVE-2023-31286
Description
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Serenity.Net.CoreNuGet | < 6.7.0 | 6.7.0 |
Serenity.Net.WebNuGet | < 6.7.0 | 6.7.0 |
Affected products
3- Serenity/Serenedescription
- ghsa-coords2 versions
< 6.7.0+ 1 more
- (no CPE)range: < 6.7.0
- (no CPE)range: < 6.7.0
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-w7jm-9x4m-8qc3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-31286ghsaADVISORY
- packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.htmlghsaWEB
- seclists.org/fulldisclosure/2023/May/14ghsamailing-listWEB
- github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823a6e48d2ghsaWEB
- seclists.org/fulldisclosure/2023/May/14ghsaWEB
News mentions
0No linked articles in our index yet.