{"id":"CVE-2022-34530","details":"An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.","modified":"2026-04-12T03:45:31.595042Z","published":"2022-08-01T20:15:08.810Z","references":[{"type":"WEB","url":"http://backdrop.com"},{"type":"ADVISORY","url":"https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/backdrop/backdrop","events":[{"introduced":"0"},{"last_affected":"e6aae124678820b45cce2a8cda7b9021491e2418"}],"database_specific":{"cpe":"cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.22.0"}],"source":"CPE_FIELD"}}],"versions":["1.1.0","1.10.0","1.11.0","1.13.0-preview","1.14.0","1.14.0-preview","1.15.0","1.15.0-preview","1.16.0","1.16.0-preview","1.17.0","1.17.0-preview","1.18.0","1.18.0-preview","1.19.0","1.19.0-preview","1.2.0","1.20.0","1.20.0-preview","1.21.0","1.21.0-preview","1.22.0","1.22.0-preview","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.4.0","1.4.1","1.4.2","1.4.3","1.5.0","1.5.1","1.6.0","1.7.0","1.7.0-preview","v1.0.0","v1.0.0-preview","v1.0.1","v1.0.2","v1.0.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34530.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}