CVE-2023-39343

Опубликовано: 04 авг. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.

Ссылки

https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
Patch
https://github.com/sulu/sulu/releases/tag/2.5.10
Release Notes
https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr
Mitigation
Vendor Advisory
https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
Patch
https://github.com/sulu/sulu/releases/tag/2.5.10
Release Notes
https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*

Версия от 2.5.0 (включая) до 2.5.10 (исключая)

EPSS

Процентиль: 58%

0.00362

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-204

Связанные уязвимости

GHSA-wmwf-49vv-p3mr