Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-r87r-982q-2c3q: Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Impact

Unauthorized users are able to obtain sensitive information about the system’s runtime environment, features they have no permissions to access, etc.

Patches

Update to version 10.6.4 or apply this patch manually https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54.patch

Workarounds

Apply patch https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54.patch manually.

References

https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c/

ghsa
Open in Source
#git#auth

Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

High severity GitHub Reviewed Published Jul 21, 2023 in pimcore/pimcore • Updated Jul 21, 2023

Related news

CVE-2023-3819: Confidential information provided to user with no permissions (#15530) · pimcore/pimcore@0237527

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.

ghsa: Latest News

GHSA-62r2-gcxr-426x: starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
ghsa