CVE-2023-39343 MEDIUM

CVE-2023-39343: Sulu Observable Response Discrepancy on Admin Login

Vendor Sulu
Product sulu
Weakness CWE-204
Published August 4, 2023
Last update October 3, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system and previous versions are not impacted by this security issue. The vulnerability has been patched in version 2.5.10.

Key dates

02 Disclosure timeline

August 4, 2023 CVE published
October 3, 2024 Record updated