Low severity3.7NVD Advisory· Published Mar 12, 2023· Updated Jun 17, 2026
CVE-2022-48366
CVE-2022-48366
Description
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ezsystems/ezplatform-kernelPackagist | >= 1.3.0, < 1.3.19 | 1.3.19 |
ezsystems/ezpublish-kernelPackagist | >= 7.5.0, < 7.5.29 | 7.5.29 |
Affected products
3- eZ Platform/Ibexa Kerneldescription
- ghsa-coords2 versions
>= 1.3.0, < 1.3.19+ 1 more
- (no CPE)range: >= 1.3.0, < 1.3.19
- (no CPE)range: >= 7.5.0, < 7.5.29
Patches
Vulnerability mechanics
References
5- developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commercenvdVendor AdvisoryWEB
- github.com/advisories/GHSA-66m4-gc8h-hpjxghsaADVISORY
- github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2nvdVendor AdvisoryWEB
- github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-48366ghsaADVISORY
News mentions
0No linked articles in our index yet.