5.3
CVE-2025-58442
- EPSS 0.29%
- Veröffentlicht 09.09.2025 19:46:45
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Saleor has user enumeration vulnerability due to different error messages
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellersaleor
≫
Produkt
saleor
Version
>= 3.21.0, < 3.21.16
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.204 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-204 Observable Response Discrepancy
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
https://github.com/saleor/saleor/security/advisories/GHSA-8w67-mfm5-fwx5
https://github.com/saleor/saleor/commit/09d671e91ea53a44352d5f685083dc05a2f55e95
https://github.com/saleor/saleor/commit/b35783838e51cfc118e07d632f64b01bc3a2c4bb
https://github.com/saleor/saleor/releases/tag/3.21.16