Description

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.

Related CPE's

a

ibexa

commerce

4

a

ibexa

digital_experience_platform

3

a

ibexa

ez_platform

Vulnerable

a

ibexa

ezplatform-page-builder

2

a

ibexa

jmspaymentcorebundle

Vulnerable

o

ibexa

ez_platform_kernel

2

o

ibexa

kernel

2

References

https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce

Vendor Advisory

https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2

Vendor Advisory

https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94

Vendor Advisory

https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce

Vendor Advisory

https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2

Vendor Advisory

https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-362

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-362

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

3.7 · Low

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-12T05:15:12.137

2 years ago

Last modified

2025-03-04T17:15:10.980

2 months ago