Description
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
References
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 10.1.3 (excluding)
cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*
EPSS: 0.0002 (Low), percentile: 5%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-204
CWE-203
Related vulnerabilities
CVSS3: 5.3
github
more than 4 years ago
Observable Response Discrepancy in Lost Password Service