Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to enumerate all accounts and obtain credentials for offline password cracking, 2FA bypass, and session hijacking. | |
| Title | Leantime - Credential Disclosure via Unauthenticated JSON-RPC users.getUser Method | |
| First Time appeared |
Leantime
Leantime leantime |
|
| Weaknesses | CWE-639 | |
| CPEs | cpe:2.3:a:leantime:leantime:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Leantime
Leantime leantime |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-06T20:43:50.296Z
Reserved: 2026-07-06T15:31:46.188Z
Link: CVE-2026-59712
No data.
No data.
No data.
OpenCVE Enrichment
No data.