Vulnerability Description
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sulu | Sulu | >= 2.5.0, < 2.5.10 |
Related Weaknesses (CWE)
References
- https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889bPatch
- https://github.com/sulu/sulu/releases/tag/2.5.10Release Notes
- https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mrMitigationVendor Advisory
- https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889bPatch
- https://github.com/sulu/sulu/releases/tag/2.5.10Release Notes
- https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mrMitigationVendor Advisory
FAQ
What is CVE-2023-39343?
CVE-2023-39343 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu ...
How severe is CVE-2023-39343?
CVE-2023-39343 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-39343?
Check the references section above for vendor advisories and patch information. Affected products include: Sulu Sulu.