CVE-2023-39343

Severity: Medium · CVSS 3.1: 4.3 · EPSS 38.8%
Published Aug 4, 2023
Last Modified Jun 17, 2026

Description

Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system, and previous versions, are not impacted by this security issue. The vulnerability has been patched in version 2.5.10.

CVSS Details

Base Score
4.3
Exploitability
2.8
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
38.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-204

Affected Products 1

Vendor | Product | Version | Range
sulu | sulu | * | ≥2.5.0 – <2.5.10

References 3

  • github.com https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
    Patch
  • github.com https://github.com/sulu/sulu/releases/tag/2.5.10
    Release Notes
  • github.com https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr
    Mitigation, Vendor Advisory

Remediation

  • github.com https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b
    Patch