CVE-2023-39343
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| sulu | sulu | >= 2.5.0, < 2.5.10 | affected |
Weaknesses
- CWE-204: CWE-204: Observable Response Discrepancy
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr
- https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
- https://github.com/sulu/sulu/releases/tag/2.5.10
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr
- https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
- https://github.com/sulu/sulu/releases/tag/2.5.10
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.