Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6t47-gps1-8qg1
Vulnerability ID VCID-6t47-gps1-8qg1
Aliases CVE-2024-29197
GHSA-5737-rqv4-v445
Summary Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 2e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-29197
epss 2e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-29197
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-5737-rqv4-v445
cvssv3.1 6.5 https://github.com/pimcore/pimcore/commit/3ae43fb1065f9eb62ad2f542b883858d36d57e53
ssvc Track https://github.com/pimcore/pimcore/commit/3ae43fb1065f9eb62ad2f542b883858d36d57e53
cvssv3.1 6.5 https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445
cvssv3.1_qr MODERATE https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445
ssvc Track https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-29197
3ae43fb1065f9eb62ad2f542b883858d36d57e53 https://github.com/pimcore/pimcore/commit/3ae43fb1065f9eb62ad2f542b883858d36d57e53
CVE-2024-29197 https://nvd.nist.gov/vuln/detail/CVE-2024-29197
GHSA-5737-rqv4-v445 https://github.com/advisories/GHSA-5737-rqv4-v445
GHSA-5737-rqv4-v445 https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/pimcore/pimcore/commit/3ae43fb1065f9eb62ad2f542b883858d36d57e53
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T19:34:00Z/ Found at https://github.com/pimcore/pimcore/commit/3ae43fb1065f9eb62ad2f542b883858d36d57e53
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T19:34:00Z/ Found at https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445
Exploit Prediction Scoring System (EPSS)
Percentile 0.00047
EPSS Score 2e-05
Published At June 6, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-05T17:30:07.557930+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/29xxx/CVE-2024-29197.json 38.6.0