QwikSec

Security Database

CVE

CWE

Training

CVE-2021-39189

Published: Sep 15, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.

Vendor	Product	Versions
pimcore	pimcore	affected `< 10.1.3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/pimcore/pimcore/security/advisories/GHSA-579x-cjvr-cqj9

x_refsource_CONFIRM

https://github.com/pimcore/pimcore/pull/10223.patch

x_refsource_MISC

https://github.com/pimcore/pimcore/pull/10223/commits/d0a4de39cf05dce6af71f8ca039132bdfcbb0dce

x_refsource_MISC

https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.