CVE-2019-18986: Improper Restriction of Excessive Authentication Attempts
Pimcore allows attackers to brute-force (guess) valid usernames through the 'forgot password' functionality: the form returns a different message for a non-existing user than for an existing one, instead of a single generic response, so each submission acts as an oracle for whether an account name exists.
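The following is an added example, not Pimcore's code, written in Python for a generic forgot-password handler: the vulnerable variant returns distinct messages for existing and non-existing usernames, the hardened variant returns one generic message either way, and a small probing routine shows how an attacker distinguishes the two. The user table, message strings, and `queue_reset_mail` helper are constructed for the example.

```python
"""Username enumeration through 'forgot password' responses, and the fix.

Added illustration, not Pimcore's code. The user store, messages and the
mail stub are constructed for this example.
"""
import secrets

# Constructed user store standing in for the application's user table.
USERS = {
    "admin": "admin@example.invalid",
    "jdoe": "jdoe@example.invalid",
}

# Reset mails "sent" by the handlers are recorded here instead of going to SMTP.
OUTBOX = []


def queue_reset_mail(email):
    """Stand-in for the real mailer: records the address and a fresh reset token."""
    OUTBOX.append((email, secrets.token_urlsafe(32)))


def forgot_password_vulnerable(username):
    """The enumeration bug: the response text reveals whether the username exists."""
    if username not in USERS:
        return "No user with this username exists."
    queue_reset_mail(USERS[username])
    return "A password reset link has been sent to your e-mail address."


GENERIC_RESPONSE = "If an account with that username exists, a reset link has been sent."


def forgot_password_fixed(username):
    """Hardened handler: identical response whether or not the username exists.

    The lookup and mail dispatch still happen for known users, but nothing
    about the outcome is reflected back to the caller.
    """
    if username in USERS:
        queue_reset_mail(USERS[username])
    return GENERIC_RESPONSE


def enumerate_usernames(handler, candidates):
    """Attacker's view: probe a name that cannot exist to get a baseline response,
    then report every candidate whose response differs from that baseline."""
    baseline = handler("nonexistent-" + secrets.token_hex(16))
    return [name for name in candidates if handler(name) != baseline]


if __name__ == "__main__":
    wordlist = ["root", "admin", "jdoe", "guest"]  # constructed candidate list
    print("vulnerable handler leaks:", enumerate_usernames(forgot_password_vulnerable, wordlist))
    print("fixed handler leaks:     ", enumerate_usernames(forgot_password_fixed, wordlist))
```

When testing a real deployment, compare more than the message body: HTTP status, redirect target, response length and latency can all differ between the two branches. The fixed handler above keeps the response text constant; in a real application the mail should also be dispatched asynchronously so that the existing-user branch does not take measurably longer.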
Detect and mitigate CVE-2019-18986 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning.