MEDIUM · 5.3

CVE-2021-39189

Vulnerability Description

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Pimcore | Pimcore | < 10.1.3

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-39189?

CVE-2021-39189 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in versio...

How severe is CVE-2021-39189?

CVE-2021-39189 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-39189?

Check the references section above for vendor advisories and patch information. Affected products include: Pimcore Pimcore.