Vulnerability Details CVE-2023-39343
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.1%
CVSS Severity
CVSS v3 Score 4.3
References
- https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
- https://github.com/sulu/sulu/releases/tag/2.5.10
- https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr
- https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
- https://github.com/sulu/sulu/releases/tag/2.5.10
- https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr
Products affected by CVE-2023-39343
-
cpe:2.3:a:sulu:sulu:2.5.0
-
cpe:2.3:a:sulu:sulu:2.5.1
-
cpe:2.3:a:sulu:sulu:2.5.2
-
cpe:2.3:a:sulu:sulu:2.5.3
-
cpe:2.3:a:sulu:sulu:2.5.4
-
cpe:2.3:a:sulu:sulu:2.5.5
-
cpe:2.3:a:sulu:sulu:2.5.6
-
cpe:2.3:a:sulu:sulu:2.5.7
-
cpe:2.3:a:sulu:sulu:2.5.8
-
cpe:2.3:a:sulu:sulu:2.5.9