Observable Discrepancy
CVE-2023-38327
Summary
An issue was discovered in eGroupWare versions through 23.1.20230524. A User Enumeration vulnerability exists under "calendar/freebusy.php", which allows unauthenticated remote attackers to enumerate the users of web applications based on server response.
- LOW
- NETWORK
- NONE
- NONE
CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Advisory Timeline
- Published
