GHSA-89p3-9j8c-fqh4, CVE-2021-46876
packagist/ezsystems/ezpublish-kernel
User account enumeration in eZ Publish Ibexa Kernel
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
All versions starting from 6.13.0 before 6.13.8.1, all versions starting from 7.5.0 before 7.5.15.1
Upgrade to versions 6.13.8.1, 7.5.15.1 or above.
2023-03-16
source |