Medium severity5.3NVD Advisory· Published Mar 12, 2023· Updated Jun 17, 2026
CVE-2021-46876
CVE-2021-46876
Description
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ezsystems/ezpublish-kernelPackagist | >= 6.13.0, < 6.13.8.1 | 6.13.8.1 |
ezsystems/ezpublish-kernelPackagist | >= 7.5.0, < 7.5.15.1 | 7.5.15.1 |
Affected products
2- eZ Publish/Ibexa Kerneldescription
Patches
Vulnerability mechanics
References
5- github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbednvdPatchWEB
- github.com/advisories/GHSA-gmrf-99gw-vvwjghsaADVISORY
- github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwjnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-46876ghsaADVISORY
- packagist.org/packages/ezsystems/ezpublish-kernelghsaWEB
News mentions
0No linked articles in our index yet.