WS-2021-0041 | Mend Vulnerability Database

Vulnerability DatabaseWS-2021-0041

WS-2021-0041

December 02, 2024

Security vulnerability was found in ezsystems/ezpublish-kernel 6.13.x before 6.13.8.1 and 7.5.x before 7.5.15.1. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the response data or response time of certain requests.

Related Resources (4)

https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed

https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj

https://github.com/advisories/GHSA-gmrf-99gw-vvwj

https://packagist.org/packages/ezsystems/ezpublish-kernel

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Products

Solutions

Resources

Company

Compare

Developer Tools