CVE-2021-46876

User account enumeration in eZ Publish Ibexa Kernel in packagist/ezsystems/ezpublish-kernel

Identifiers

GHSA-89p3-9j8c-fqh4, CVE-2021-46876

Package Slug

packagist/ezsystems/ezpublish-kernel

Vulnerability

User account enumeration in eZ Publish Ibexa Kernel

Description

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.

Affected Versions

All versions starting from 6.13.0 before 6.13.8.1, all versions starting from 7.5.0 before 7.5.15.1

Solution

Upgrade to versions 6.13.8.1, 7.5.15.1 or above.

Last Modified

2023-03-16
