{"id":"CVE-2023-38871","details":"The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.","aliases":["GHSA-h3qf-v68r-35jg"],"modified":"2026-03-14T12:12:38.125216Z","published":"2023-09-28T04:15:12.003Z","references":[{"type":"WEB","url":"https://www.economizzer.org"},{"type":"PACKAGE","url":"https://github.com/gugoan/economizzer"},{"type":"EVIDENCE","url":"https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38871"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gugoan/economizzer","events":[{"introduced":"0"},{"last_affected":"bc406f9afbcbdfa15c7d55db0ee3b0c017abcb2b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9-beta1"}]}}],"versions":["v0.4-alpha","v0.8-alpha","v0.9-beta1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"april_2023"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38871.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}