Moderate severity · NVD Advisory · Published Aug 4, 2023 · Updated Oct 3, 2024
Sulu Observable Response Discrepancy on Admin Login
CVE-2023-39343
Description
Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system, and previous versions, are not impacted by this security issue. The vulnerability has been patched in version 2.5.10.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sulu/sulu (Packagist) | >= 2.5.0, < 2.5.10 | 2.5.10 |
References
- github.com/advisories/GHSA-wmwf-49vv-p3mr
- nvd.nist.gov/vuln/detail/CVE-2023-39343
- github.com/FriendsOfPHP/security-advisories/blob/master/sulu/sulu/CVE-2023-39343.yaml
- github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
- github.com/sulu/sulu/releases/tag/2.5.10
- github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr