Search for vulnerabilities
| Vulnerability ID | VCID-9q94-psat-5kan |
| Aliases |
GHSA-89p3-9j8c-fqh4
|
| Summary | Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. ## Original Description This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the response data or response time of certain requests. The fix ensures neither attack is possible. The fix is distributed via Composer. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-89p3-9j8c-fqh4 |
| cvssv3.1 | 5.3 | https://github.com/ezsystems/ezpublish-kernel |
| generic_textual | MODERATE | https://github.com/ezsystems/ezpublish-kernel |
| cvssv3.1 | 5.3 | https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed |
| generic_textual | MODERATE | https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed |
| cvssv3.1 | 5.3 | https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj |
| generic_textual | MODERATE | https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj |
| cvssv3.1 | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-46876 |
| generic_textual | MODERATE | https://nvd.nist.gov/vuln/detail/CVE-2021-46876 |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/ezsystems/ezpublish-kernel | ||
| https://nvd.nist.gov/vuln/detail/CVE-2021-46876 | ||
| GHSA-89p3-9j8c-fqh4 | https://github.com/advisories/GHSA-89p3-9j8c-fqh4 | |
| GHSA-gmrf-99gw-vvwj | https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-12T07:58:42.244303+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-89p3-9j8c-fqh4/GHSA-89p3-9j8c-fqh4.json | 38.6.0 |