Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.
References
Link | Resource |
---|---|
https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b | Patch |
https://github.com/sulu/sulu/releases/tag/2.5.10 | Release Notes |
https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr | Mitigation Vendor Advisory |
https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b | Patch |
https://github.com/sulu/sulu/releases/tag/2.5.10 | Release Notes |
https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr | Mitigation Vendor Advisory |
Configurations
History
21 Nov 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b - Patch | |
References | () https://github.com/sulu/sulu/releases/tag/2.5.10 - Release Notes | |
References | () https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr - Mitigation, Vendor Advisory |
08 Aug 2023, 18:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b - Patch | |
References | (MISC) https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr - Mitigation, Vendor Advisory | |
References | (MISC) https://github.com/sulu/sulu/releases/tag/2.5.10 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
First Time |
Sulu
Sulu sulu |
04 Aug 2023, 02:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-04 01:15
Updated : 2024-11-21 08:15
NVD link : CVE-2023-39343
Mitre link : CVE-2023-39343
CVE.ORG link : CVE-2023-39343
JSON object : View
Products Affected
sulu
- sulu
CWE
CWE-204
Observable Response Discrepancy