High severity · NVD Advisory · Published Nov 15, 2019 · Updated Aug 5, 2024
CVE-2019-18986
Description
Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pimcore/pimcore (Packagist) | < 6.2.2 | 6.2.2 |
References
- github.com/advisories/GHSA-8889-9g3f-73rj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-18986 (ghsa, ADVISORY)
- github.com/pimcore/pimcore/commit/4a7bba5c3f818852cbbd29fa124f7fb09a207185 (ghsa, x_refsource_MISC, WEB)
- github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2 (ghsa, x_refsource_MISC, WEB)