CVE-2023-39343 - OpenCVE

Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sulu	Sulu

Configuration 1 [-]

cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b	Patch
https://github.com/sulu/sulu/releases/tag/2.5.10	Release Notes
https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-04T00:06:29.997Z

Updated: 2023-08-04T00:06:29.997Z

Reserved: 2023-07-28T13:26:46.476Z

Link: CVE-2023-39343

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-04T01:15:10.250

Modified: 2023-08-08T18:55:13.367

Link: CVE-2023-39343

JSON object: View

Redhat Information

No data.

CWE

CWE-204

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A840F85F-B8DC-41C1-81BE-691995D30ADF", "versionEndExcluding": "2.5.10", "versionStartIncluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10. \n\n"}], "id": "CVE-2023-39343", "lastModified": "2023-08-08T18:55:13.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-08-04T01:15:10.250", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/sulu/sulu/releases/tag/2.5.10"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-204"}], "source": "security-advisories@github.com", "type": "Primary"}]}