CVSS Base Score: 4.3

CVE-2023-39343

Sulu Observable Response Discrepancy on Admin Login

Sulu is an open-source PHP content management system based on the Symfony framework. Through the Admin Login form, it is possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system, as well as previous versions, are not impacted by this security issue. The vulnerability has been patched in version 2.5.10.

Data provided by the National Vulnerability Database (NVD)

Affected product: Sulu (vendor: Sulu), versions >= 2.5.0 and < 2.5.10

No advisory warning was found for this CVE.

EPSS Metrics

Type   Source      Score   Percentile
EPSS   FIRST.org   0.5%    0.385
CVSS Metrics

Source                          Base Score   Exploit Score   Impact Score   Vector String
nvd@nist.gov                    4.3          2.8             1.4            CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com  4.3          2.8             1.4            CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Patch: https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
Release Notes: https://github.com/sulu/sulu/releases/tag/2.5.10
Vendor Advisory: https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr
Mitigation