CVE-2022-48366
Timing attack in eZ Platform Ibexa in packagist/ezsystems/ezpublish-kernel
Identifiers
GHSA-66m4-gc8h-hpjx, CVE-2022-48366
Package Slug
packagist/ezsystems/ezpublish-kernel
Vulnerability
Timing attack in eZ Platform Ibexa
Description
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
Affected Versions
All versions starting from 7.5.0 before 7.5.29
Solution
Upgrade to version 7.5.29 or above.
Last Modified
2023-03-16
| source |