Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-r87r-982q-2c3q: Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Impact

Unauthorized users are able to obtain sensitive information about the system’s runtime environment, features they have no permissions to access, etc.

Patches

Update to version 10.6.4 or apply this patch manually https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54.patch

Workarounds

Apply patch https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54.patch manually.

References

https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c/

ghsa
#git#auth

Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

High severity GitHub Reviewed Published Jul 21, 2023 in pimcore/pimcore • Updated Jul 21, 2023

Related news

CVE-2023-3819: Confidential information provided to user with no permissions (#15530) · pimcore/pimcore@0237527

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection